{"url":"http://public2.vulnerablecode.io/api/packages/179052?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@1.9.0.Final","type":"maven","namespace":"org.keycloak","name":"keycloak-core","version":"1.9.0.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.1.3","latest_non_vulnerable_version":"26.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53187?format=json","vulnerability_id":"VCID-14c3-xa9j-mbab","summary":"Incorrect implementation of lockout feature in Keycloak\nA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42156","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9977?format=json","vulnerability_id":"VCID-28sw-q8sc-5ugs","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nkeycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2428","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10912.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10912.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10912","reference_id":"","reference_type":"","scores":[{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64779","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64757","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64745","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64755","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64752","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.6477","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64782","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64639","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64691","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64719","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00474","scoring_system":"epss","scoring_elements":"0.64725","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10912"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10912","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10912"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607624","reference_id":"1607624","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1607624"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:single_sign-on:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10912","reference_id":"CVE-2018-10912","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10912"},{"reference_url":"https://github.com/advisories/GHSA-h7j7-pw3v-3v3x","reference_id":"GHSA-h7j7-pw3v-3v3x","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7j7-pw3v-3v3x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32418?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@4.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/179392?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@4.0.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.0.0.Final"}],"aliases":["CVE-2018-10912","GHSA-h7j7-pw3v-3v3x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28sw-q8sc-5ugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4828?format=json","vulnerability_id":"VCID-2g8t-qjp5-ebc7","summary":"Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0872","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0873","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0873"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8629.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8629","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43916","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43908","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.4384","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43793","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43795","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43834","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43878","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43832","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43903","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43871","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388988"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a78cfa4b2ca979a1981fb371cfdf2c7212f7b6e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/a78cfa4b2ca979a1981fb371cfdf2c7212f7b6e2"},{"reference_url":"http://www.securityfocus.com/bid/97392","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/97392"},{"reference_url":"http://www.securitytracker.com/id/1038180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1038180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8629","reference_id":"CVE-2016-8629","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8629"},{"reference_url":"https://github.com/advisories/GHSA-778x-2mqv-w6xw","reference_id":"GHSA-778x-2mqv-w6xw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-778x-2mqv-w6xw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0876","reference_id":"RHSA-2017:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32463?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/179070?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2pnb-13et-y3hr"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-85y2-ejk7-qud9"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-aps8-cw7n-57g3"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.4.0.Final"}],"aliases":["CVE-2016-8629","GHSA-778x-2mqv-w6xw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2g8t-qjp5-ebc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9682?format=json","vulnerability_id":"VCID-2pnb-13et-y3hr","summary":"Information Exposure\nIt was found that while parsing the SAML messages the `StaxParserUtil` class of keycloak replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request `ID` field to be the chosen system property which could be obtained in the `InResponseTo` field in the response.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2582.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2582","reference_id":"","reference_type":"","scores":[{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70353","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70303","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70312","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70294","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70347","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70355","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70199","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70211","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70227","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70251","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70274","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00629","scoring_system":"epss","scoring_elements":"0.70262","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2582"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2582"},{"reference_url":"http://www.securityfocus.com/bid/101046","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101046"},{"reference_url":"http://www.securitytracker.com/id/1041707","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410481","reference_id":"1410481","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410481"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2582","reference_id":"CVE-2017-2582","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2582"},{"reference_url":"https://github.com/advisories/GHSA-c77r-6f64-478q","reference_id":"GHSA-c77r-6f64-478q","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c77r-6f64-478q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3216","reference_id":"RHSA-2017:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3217","reference_id":"RHSA-2017:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3218","reference_id":"RHSA-2017:3218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3219","reference_id":"RHSA-2017:3219","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3220","reference_id":"RHSA-2017:3220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0136","reference_id":"RHSA-2019:0136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0137","reference_id":"RHSA-2019:0137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0139","reference_id":"RHSA-2019:0139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179073?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-aps8-cw7n-57g3"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/32223?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1"}],"aliases":["CVE-2017-2582","GHSA-c77r-6f64-478q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pnb-13et-y3hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16972?format=json","vulnerability_id":"VCID-2xyb-g3n4-n3ca","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74741","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.74771","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.7475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75004","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75046","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00861","scoring_system":"epss","scoring_elements":"0.75036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76766","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76794","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76801","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76813","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.76771","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1274"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073157"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9"},{"reference_url":"https://github.com/keycloak/keycloak/pull/16764","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/16764"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2021-0033","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://herolab.usd.de/security-advisories/usd-2021-0033"},{"reference_url":"https://herolab.usd.de/security-advisories/usd-2021-0033/","reference_id":"","reference_type":"","scores":[],"url":"https://herolab.usd.de/security-advisories/usd-2021-0033/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274","reference_id":"CVE-2022-1274","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1274"},{"reference_url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4fv-gm5m-4725"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725","reference_id":"GHSA-m4fv-gm5m-4725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56655?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@20.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.5"}],"aliases":["CVE-2022-1274","GHSA-m4fv-gm5m-4725","GMS-2023-528"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xyb-g3n4-n3ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12561?format=json","vulnerability_id":"VCID-3248-31p8-tyd4","summary":"Incorrect Authorization\nA flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3009","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54946?format=json","vulnerability_id":"VCID-3ncm-zz6v-2ua2","summary":"keycloak vulnerable to unauthorized login via mail server setup\nA flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14837.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14837.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14837","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77151","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77137","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.7713","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77096","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77059","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77087","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77105","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77103","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77062","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77017","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-10780","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-10780"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14837","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14837"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730227","reference_id":"1730227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730227"},{"reference_url":"https://github.com/advisories/GHSA-cf8f-w2c5-p5jr","reference_id":"GHSA-cf8f-w2c5-p5jr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cf8f-w2c5-p5jr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41068?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0"}],"aliases":["CVE-2019-14837","GHSA-cf8f-w2c5-p5jr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ncm-zz6v-2ua2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10775?format=json","vulnerability_id":"VCID-3ued-3fnw-a7h7","summary":"Improper Certificate Validation\nThe X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the separately configured path. The CRL are often available over the network through unsecured protocols (`http` or `ldap`) and hence the caller should verify the signature and possibly the certification path. Keycloak currently does not validate signatures on CRL, which can result in a possibility of various attacks like man-in-the-middle.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3875","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14521","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14528","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1462","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14684","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14735","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14809","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14613","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14703","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14723","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1463","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3875"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3875"},{"reference_url":"http://www.securityfocus.com/bid/108748","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690628","reference_id":"1690628","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1690628"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3875","reference_id":"CVE-2019-3875","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3875"},{"reference_url":"https://github.com/advisories/GHSA-38cg-gg9j-q9j9","reference_id":"GHSA-38cg-gg9j-q9j9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38cg-gg9j-q9j9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78796?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0"}],"aliases":["CVE-2019-3875","GHSA-38cg-gg9j-q9j9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ued-3fnw-a7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13889?format=json","vulnerability_id":"VCID-49qw-j7rn-qfdf","summary":"Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xmmm-jw76-q7vg. This link is maintained to preserve external references.\n\n# Original Description\nA vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7318","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-7318"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301876","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301876"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7318","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7318"},{"reference_url":"https://github.com/advisories/GHSA-57rh-gr4v-j5f6","reference_id":"GHSA-57rh-gr4v-j5f6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57rh-gr4v-j5f6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42367?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@24.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/146384?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@25.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0"}],"aliases":["GHSA-57rh-gr4v-j5f6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49qw-j7rn-qfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46288?format=json","vulnerability_id":"VCID-5apu-r7pn-byet","summary":"keycloak Self Stored Cross-site Scripting vulnerability\nA flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20195","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53697","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53746","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53729","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53772","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53753","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53718","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5373","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53648","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53669","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53717","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53715","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919143","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1919143"},{"reference_url":"https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20195","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20195"},{"reference_url":"https://security.archlinux.org/ASA-202102-29","reference_id":"ASA-202102-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-29"},{"reference_url":"https://security.archlinux.org/AVG-1578","reference_id":"AVG-1578","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1578"},{"reference_url":"https://github.com/advisories/GHSA-q6w2-89hq-hq27","reference_id":"GHSA-q6w2-89hq-hq27","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q6w2-89hq-hq27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223872?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@12.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2021-20195","GHSA-q6w2-89hq-hq27"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5apu-r7pn-byet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54334?format=json","vulnerability_id":"VCID-6s4w-hv7a-ffaw","summary":"Keycloak vulnerable to Server-Side Request Forgery\nA flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.","references":[{"reference_url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770","reference_id":"","reference_type":"","scores":[{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99725","published_at":"2026-04-26T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99724","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99723","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.9972","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92282","scoring_system":"epss","scoring_elements":"0.99718","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10770"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846270","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1846270"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2"},{"reference_url":"https://github.com/keycloak/keycloak-documentation/pull/1086","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-documentation/pull/1086"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7714","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7714"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-14019","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-14019"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-3426","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-3426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10770"},{"reference_url":"https://security.archlinux.org/AVG-1577","reference_id":"AVG-1577","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1577"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py","reference_id":"CVE-2020-10770","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py"},{"reference_url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw","reference_id":"GHSA-jh7q-5mwf-qvhw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh7q-5mwf-qvhw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0318","reference_id":"RHSA-2021:0318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0319","reference_id":"RHSA-2021:0319","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0320","reference_id":"RHSA-2021:0320","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0320"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0327","reference_id":"RHSA-2021:0327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0327"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223850?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@12.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2020-10770","GHSA-jh7q-5mwf-qvhw"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s4w-hv7a-ffaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9965?format=json","vulnerability_id":"VCID-6wdp-9pvw-ybgp","summary":"Improper Authentication\nIt was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8609.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8609.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8609","reference_id":"","reference_type":"","scores":[{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3504","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35437","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35385","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.3515","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35129","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35288","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35396","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35476","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00149","scoring_system":"epss","scoring_elements":"0.35409","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8609"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386729","reference_id":"1386729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386729"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8609","reference_id":"CVE-2016-8609","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8609"},{"reference_url":"https://github.com/advisories/GHSA-95m6-mjh3-58gm","reference_id":"GHSA-95m6-mjh3-58gm","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95m6-mjh3-58gm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2945","reference_id":"RHSA-2016:2945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179068?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.3.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2g8t-qjp5-ebc7"},{"vulnerability":"VCID-2pnb-13et-y3hr"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-85y2-ejk7-qud9"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-aps8-cw7n-57g3"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.3.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/32224?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.3.0"}],"aliases":["CVE-2016-8609","GHSA-95m6-mjh3-58gm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wdp-9pvw-ybgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30666?format=json","vulnerability_id":"VCID-7j7q-m1zp-zfac","summary":"Keycloak has lack of validation of access token on client registrations endpoint\nWhen a service account with the create-client or manage-clients role can use the client-registration endpoints to create/manage clients with an access token.\n\nIf the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration endpoints.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0091","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-0091"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0091","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28414","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28371","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28325","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28257","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28162","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2805","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28469","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28411","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0091"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0091","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158585","reference_id":"2158585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2158585"},{"reference_url":"https://github.com/advisories/GHSA-v436-q368-hvgg","reference_id":"GHSA-v436-q368-hvgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v436-q368-hvgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71492?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@20.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.3"}],"aliases":["CVE-2023-0091","GHSA-v436-q368-hvgg","GMS-2023-37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7j7q-m1zp-zfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9974?format=json","vulnerability_id":"VCID-7mm5-8378-rua3","summary":"Weak Password Recovery Mechanism for Forgotten Password\nIt was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12161.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12161","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51226","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51281","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51321","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51329","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51307","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51184","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51237","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51262","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.5122","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51276","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51273","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51317","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51295","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12161"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484564","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484564"},{"reference_url":"https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12161","reference_id":"CVE-2017-12161","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12161"},{"reference_url":"https://github.com/advisories/GHSA-959q-32g8-vvp7","reference_id":"GHSA-959q-32g8-vvp7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-959q-32g8-vvp7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179270?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@3.4.2.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.2.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/32391?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@3.4.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.2"}],"aliases":["CVE-2017-12161","GHSA-959q-32g8-vvp7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mm5-8378-rua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13449?format=json","vulnerability_id":"VCID-7xuf-btg3-ckf6","summary":"Keycloak Denial of Service vulnerability\nA denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited, an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. The issue is fixed in Keycloak 24 with the introduction of the User Profile feature.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6841.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6841","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6841"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6841","reference_id":"","reference_type":"","scores":[{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69887","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69811","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69859","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69874","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69851","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69836","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69788","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69939","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69937","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69876","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00613","scoring_system":"epss","scoring_elements":"0.69896","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6841"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254714","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T20:20:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254714"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/32837","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/32837"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/24.0.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/24.0.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6841","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4","reference_id":"cpe:/a:redhat:mobile_application_platform:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:mobile_application_platform:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0","reference_id":"cpe:/a:redhat:openshift_application_runtimes:1.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-w97f-w3hq-36g2","reference_id":"GHSA-w97f-w3hq-36g2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w97f-w3hq-36g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47794?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@24.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.0"}],"aliases":["CVE-2023-6841","GHSA-w97f-w3hq-36g2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xuf-btg3-ckf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8855?format=json","vulnerability_id":"VCID-85y2-ejk7-qud9","summary":"Information Exposure\nKeycloak has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0876.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0872","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0873","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:0873"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2585","reference_id":"","reference_type":"","scores":[{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71448","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71334","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71309","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71349","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71362","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71385","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.7137","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71352","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71398","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71405","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71436","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71444","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71308","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00671","scoring_system":"epss","scoring_elements":"0.71316","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1412376","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1412376"},{"reference_url":"https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170420113802/http://www.securitytracker.com/id/1038180"},{"reference_url":"https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227175650/http://www.securityfocus.com/bid/97393"},{"reference_url":"http://www.securityfocus.com/bid/97393","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97393"},{"reference_url":"http://www.securitytracker.com/id/1038180","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2585","reference_id":"CVE-2017-2585","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2585"},{"reference_url":"https://github.com/advisories/GHSA-w6gv-3r3v-gwgj","reference_id":"GHSA-w6gv-3r3v-gwgj","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6gv-3r3v-gwgj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0876","reference_id":"RHSA-2017:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179073?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-aps8-cw7n-57g3"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/32223?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.1"}],"aliases":["CVE-2017-2585","GHSA-w6gv-3r3v-gwgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85y2-ejk7-qud9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49168?format=json","vulnerability_id":"VCID-8rnf-e3sa-g7a8","summary":"Moderate severity vulnerability that affects org.keycloak:keycloak-core\nWithdrawn: Duplicate of CVE-2017-12161 / GHSA-959q-32g8-vvp7","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000500.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000500.json"},{"reference_url":"https://github.com/advisories/GHSA-qgm9-232x-hwpx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgm9-232x-hwpx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000500","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1533319","reference_id":"1533319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1533319"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77779?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/179061?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.0.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2g8t-qjp5-ebc7"},{"vulnerability":"VCID-2pnb-13et-y3hr"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-6wdp-9pvw-ybgp"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-85y2-ejk7-qud9"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-aps8-cw7n-57g3"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.0.0.Final"}],"aliases":["CVE-2017-1000500","GHSA-qgm9-232x-hwpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rnf-e3sa-g7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50536?format=json","vulnerability_id":"VCID-96mj-gt5k-23ck","summary":"Improper Input Validation and Cross-Site Request Forgery in Keycloak\nIt was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10199","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26169","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2641","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26352","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26359","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26333","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26296","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2622","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26454","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26505","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26549","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26398","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26449","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26456","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10199"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10199","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729261","reference_id":"1729261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729261"},{"reference_url":"https://github.com/advisories/GHSA-p5xp-6vpf-jwvh","reference_id":"GHSA-p5xp-6vpf-jwvh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p5xp-6vpf-jwvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2483","reference_id":"RHSA-2019:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78796?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0"}],"aliases":["CVE-2019-10199","GHSA-p5xp-6vpf-jwvh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96mj-gt5k-23ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9687?format=json","vulnerability_id":"VCID-aps8-cw7n-57g3","summary":"Loop with Unreachable Exit Condition (Infinite Loop)\nWhen Keycloak receives a Logout request in the middle of the request, the `SAMLSloRequestParser.parse()` method ends in an infinite loop. An attacker could use this flaw to conduct denial of service attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2646","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66158","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66013","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6605","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6613","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2646"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2646"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"http://www.securityfocus.com/bid/96882","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96882"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431230","reference_id":"1431230","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431230"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2646","reference_id":"CVE-2017-2646","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2646"},{"reference_url":"https://github.com/advisories/GHSA-jc6q-27mw-p55w","reference_id":"GHSA-jc6q-27mw-p55w","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc6q-27mw-p55w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179093?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-vnp3-9ddj-qfa2"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.5.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/32329?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@2.5.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@2.5.5"}],"aliases":["CVE-2017-2646","GHSA-jc6q-27mw-p55w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aps8-cw7n-57g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53505?format=json","vulnerability_id":"VCID-c8ps-95au-zbg5","summary":"Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown\n### Summary\n\nA Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (16.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the groups' dropdown functionality. \n\n### Impact\n\nSuccessful attacks of this vulnerability can result a privileged attacker to load a XSS script, and steal data from other users. The impact can be considered moderate to low, considering privileged credentials are required.\n\n### References\n- Please refer to the Keycloak Security mailing list for more information.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"},{"reference_url":"https://github.com/advisories/GHSA-755v-r4x4-qf7m","reference_id":"GHSA-755v-r4x4-qf7m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-755v-r4x4-qf7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81109?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@20.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.0"}],"aliases":["GHSA-755v-r4x4-qf7m","GMS-2022-7509"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8ps-95au-zbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32482?format=json","vulnerability_id":"VCID-cp2f-bjsx-nkfm","summary":"Predictable password in Keycloak\nA flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1731","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59988","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60026","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60011","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.6","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59856","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59933","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59959","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59928","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59998","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.59979","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1731"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1731","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1731"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801713","reference_id":"1801713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1801713"},{"reference_url":"https://github.com/advisories/GHSA-6pmv-7pr9-cgrj","reference_id":"GHSA-6pmv-7pr9-cgrj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pmv-7pr9-cgrj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72727?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@8.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.2"}],"aliases":["CVE-2020-1731","GHSA-6pmv-7pr9-cgrj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cp2f-bjsx-nkfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80754?format=json","vulnerability_id":"VCID-djwn-hkwg-g3gk","summary":"keycloak: reusable \"state\" parameter at redirect_uri endpoint enables possibility of replay attacks","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36059","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36172","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3619","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36159","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36175","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3616","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36108","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35878","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35846","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35759","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14302"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584","reference_id":"1849584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849584"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302","reference_id":"CVE-2020-14302","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0967","reference_id":"RHSA-2021:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0968","reference_id":"RHSA-2021:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0969","reference_id":"RHSA-2021:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2020-14302"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djwn-hkwg-g3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19109?format=json","vulnerability_id":"VCID-dxj3-8sk5-mfdy","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45354","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60121?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-mavd-c8fd-dkhe"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13821?format=json","vulnerability_id":"VCID-e85z-cn66-fye8","summary":"Keycloak Open Redirect vulnerability\nAn open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the `referrer` and `referrer_uri` parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\n\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the `redirect_uri` using URL encoding, to hide the text of the actual malicious website domain.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7260.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7260","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7260"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7260","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58628","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58598","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58649","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58673","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58654","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58634","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58667","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58672","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58648","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58616","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5863","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58607","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7260"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301875","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:13:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301875"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7260","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7260"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://github.com/advisories/GHSA-g4gc-rh26-m3p5","reference_id":"GHSA-g4gc-rh26-m3p5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4gc-rh26-m3p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42367?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@24.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/146384?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@25.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.0"}],"aliases":["CVE-2024-7260","GHSA-g4gc-rh26-m3p5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e85z-cn66-fye8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53344?format=json","vulnerability_id":"VCID-e9qa-sy57-fqby","summary":"Temporary Directory Hijacking Vulnerability in Keycloak\nA flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13894","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14134","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14078","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13871","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1395","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13986","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13961","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14047","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14184","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.13999","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20202"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1922128"},{"reference_url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-17000","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-17000"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20202"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr","reference_id":"GHSA-6xp6-fmc8-pmmr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xp6-fmc8-pmmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2021-20202","GHSA-6xp6-fmc8-pmmr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9qa-sy57-fqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11830?format=json","vulnerability_id":"VCID-eaaa-ejr9-6ygx","summary":"Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity\nA vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7318.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7318","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7318"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7318","reference_id":"","reference_type":"","scores":[{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80434","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80323","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80312","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8034","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8037","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80378","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8038","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80384","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.8041","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0139","scoring_system":"epss","scoring_elements":"0.80417","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7318"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301876","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T19:08:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2301876"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xmmm-jw76-q7vg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7318","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7318"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://github.com/advisories/GHSA-xmmm-jw76-q7vg","reference_id":"GHSA-xmmm-jw76-q7vg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xmmm-jw76-q7vg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42367?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@24.0.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/42381?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@25.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@25.0.4"}],"aliases":["CVE-2024-7318","GHSA-xmmm-jw76-q7vg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaaa-ejr9-6ygx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53130?format=json","vulnerability_id":"VCID-em5z-nvqy-fucp","summary":"Keycloak has Files or Directories Accessible to External Parties\nClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3856"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58421","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58481","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58445","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.5846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58419","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58329","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00364","scoring_system":"epss","scoring_elements":"0.58413","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3856"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010164"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8588","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8588"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-19422","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-19422"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3856"},{"reference_url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw","reference_id":"GHSA-3w4v-rvc4-2xpw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w4v-rvc4-2xpw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80795?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0"}],"aliases":["CVE-2021-3856","GHSA-3w4v-rvc4-2xpw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-em5z-nvqy-fucp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20294?format=json","vulnerability_id":"VCID-engr-q4ge-53dc","summary":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')\nA flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134","reference_id":"","reference_type":"","scores":[{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85315","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85283","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85263","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85254","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02468","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2249673"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/15a21bf8e4fb71f006ba9caf25b9c9d1d152cd20"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-6134"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134","reference_id":"CVE-2023-6134","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6134"},{"reference_url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvg2-7c3j-g36j"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j","reference_id":"GHSA-cvg2-7c3j-g36j","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-cvg2-7c3j-g36j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61789?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0"}],"aliases":["CVE-2023-6134","GHSA-cvg2-7c3j-g36j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-engr-q4ge-53dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14456?format=json","vulnerability_id":"VCID-epys-8p8v-zugv","summary":"keycloak-core: open redirect via \"form_post.jwt\" JARM response mode\nAn incomplete fix was found in Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode \"form_post.jwt\". It is observed that changing the response_mode parameter in the original proof of concept from \"form_post\" to \"form_post.jwt\" can bypass the security patch implemented to address CVE-2023-6134.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0094","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0094"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0095","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0096","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0097","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0098","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0100","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0101","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:0101"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6927.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6927","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-6927"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6927","reference_id":"","reference_type":"","scores":[{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74755","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74679","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74703","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74674","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74711","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74719","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.7471","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74746","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74752","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74632","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00838","scoring_system":"epss","scoring_elements":"0.74658","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6927"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255027","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255027"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-9vm7-v8wj-3fqw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6927","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6927"},{"reference_url":"https://github.com/advisories/GHSA-3p75-q5cc-qmj7","reference_id":"GHSA-3p75-q5cc-qmj7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3p75-q5cc-qmj7"},{"reference_url":"https://github.com/advisories/GHSA-9vm7-v8wj-3fqw","reference_id":"GHSA-9vm7-v8wj-3fqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9vm7-v8wj-3fqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50809?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.4"}],"aliases":["CVE-2023-6927","GHSA-3p75-q5cc-qmj7","GHSA-9vm7-v8wj-3fqw","GMS-2024-51"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epys-8p8v-zugv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13930?format=json","vulnerability_id":"VCID-fknh-1j7d-jyeq","summary":"Improper authorization in Keycloak\nDue to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1466","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36209","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36613","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36632","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3658","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36626","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36295","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.3652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36692","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36723","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1466"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050228","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2050228"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt"},{"reference_url":"https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1466","reference_id":"CVE-2022-1466","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1466"},{"reference_url":"https://github.com/advisories/GHSA-f32v-vf79-p29q","reference_id":"GHSA-f32v-vf79-p29q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f32v-vf79-p29q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0449","reference_id":"RHSA-2022:0449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0449"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49975?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@17.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1"}],"aliases":["CVE-2022-1466","GHSA-f32v-vf79-p29q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fknh-1j7d-jyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11253?format=json","vulnerability_id":"VCID-gjy5-c6by-2ufg","summary":"Improper Handling of Exceptional Conditions\nA flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40946","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56186","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56217","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56233","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56192","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56227","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56056","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.56165","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792","reference_id":"1805792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1805792"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2020-1744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744","reference_id":"CVE-2020-1744","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1744"},{"reference_url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2","reference_id":"GHSA-4gf2-xv97-63m2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4gf2-xv97-63m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0945","reference_id":"RHSA-2020:0945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0946","reference_id":"RHSA-2020:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0947","reference_id":"RHSA-2020:0947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0951","reference_id":"RHSA-2020:0951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39478?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@9.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-255g-p3tj-k7fk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/82484?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2"}],"aliases":["CVE-2020-1744","GHSA-4gf2-xv97-63m2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjy5-c6by-2ufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53144?format=json","vulnerability_id":"VCID-gndk-728r-9yh7","summary":"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow\nA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80795?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17269?format=json","vulnerability_id":"VCID-heqp-u355-wyaz","summary":"Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination\nA vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10039.json"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/35217","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/35217"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319217","reference_id":"2319217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2319217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10039","reference_id":"CVE-2024-10039","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10039"},{"reference_url":"https://github.com/advisories/GHSA-93ww-43rr-79v3","reference_id":"GHSA-93ww-43rr-79v3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-93ww-43rr-79v3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11645","reference_id":"RHSA-2025:11645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11645"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57112?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.0.6"}],"aliases":["CVE-2024-10039","GHSA-93ww-43rr-79v3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-heqp-u355-wyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5110?format=json","vulnerability_id":"VCID-hgu6-1a6g-13bw","summary":"The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14637","reference_id":"","reference_type":"","scores":[{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48468","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48575","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4857","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48527","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48492","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48514","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48467","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48517","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48539","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48525","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14637"},{"reference_url":"https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/0fe0b875d63cce3d2855d85d25bb8757bce13eb1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627851","reference_id":"1627851","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1627851"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14637","reference_id":"CVE-2018-14637","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14637"},{"reference_url":"https://github.com/advisories/GHSA-gf2j-7qwg-4f5x","reference_id":"GHSA-gf2j-7qwg-4f5x","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf2j-7qwg-4f5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34173?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@4.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/181582?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@4.6.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.6.0.Final"}],"aliases":["CVE-2018-14637","GHSA-gf2j-7qwg-4f5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgu6-1a6g-13bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53314?format=json","vulnerability_id":"VCID-j1rd-aem6-vfgj","summary":"Keycloak vulnerable to Improper Certificate Validation\nkeycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.\n\nThis issue was partially fixed in version [13.0.1](https://github.com/keycloak/keycloak/pull/6330) and more completely fixed in version [14.0.0](https://github.com/keycloak/keycloak/pull/8067).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T19:38:02Z/"}],"url":"https://access.redhat.com/security/cve/cve-2020-35509"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24923","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2495","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24958","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25039","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24854","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25137","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25098","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2498","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24911","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25021","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912427","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912427"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76"},{"reference_url":"https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb"},{"reference_url":"https://github.com/keycloak/keycloak/pull/6330","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/6330"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8067","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8067"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35509","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35509"},{"reference_url":"https://security.archlinux.org/ASA-202106-53","reference_id":"ASA-202106-53","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-53"},{"reference_url":"https://security.archlinux.org/AVG-2084","reference_id":"AVG-2084","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2084"},{"reference_url":"https://github.com/advisories/GHSA-rpj2-w6fr-79hc","reference_id":"GHSA-rpj2-w6fr-79hc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rpj2-w6fr-79hc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80933?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@14.0.0"}],"aliases":["CVE-2020-35509","GHSA-rpj2-w6fr-79hc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j1rd-aem6-vfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/26922?format=json","vulnerability_id":"VCID-kp25-fan9-jkd2","summary":"Keycloak allows cross-site scripting (XSS)\nA vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4028.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4028","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4028"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4028","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29073","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29136","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35655","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.3563","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39773","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39945","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40365","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4028"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276418","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-18T18:38:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276418"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4028","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4028"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-q4xq-445g-g6ch","reference_id":"GHSA-q4xq-445g-g6ch","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4xq-445g-g6ch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/748586?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@26.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@26.1.3"}],"aliases":["CVE-2024-4028","GHSA-q4xq-445g-g6ch"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp25-fan9-jkd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55369?format=json","vulnerability_id":"VCID-kzc8-pgz7-6bep","summary":"Keycloak Insufficient Session Expiry\nA flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33365","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33377","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33353","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33319","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33147","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33314","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33451","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33482","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33323","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33406","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1724"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527","reference_id":"1800527","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800527"},{"reference_url":"https://github.com/advisories/GHSA-8xj2-47xw-q78c","reference_id":"GHSA-8xj2-47xw-q78c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xj2-47xw-q78c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82484?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@9.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.2"}],"aliases":["CVE-2020-1724","GHSA-8xj2-47xw-q78c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzc8-pgz7-6bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12738?format=json","vulnerability_id":"VCID-mumt-rvzk-w7d4","summary":"Improper Authentication\nA flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58618","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58652","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58526","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5861","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58659","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58638","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756","reference_id":"1796756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718","reference_id":"CVE-2020-1718","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718"},{"reference_url":"https://github.com/advisories/GHSA-j229-2h63-rvh9","reference_id":"GHSA-j229-2h63-rvh9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j229-2h63-rvh9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41068?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0"}],"aliases":["CVE-2020-1718","GHSA-j229-2h63-rvh9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mumt-rvzk-w7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53230?format=json","vulnerability_id":"VCID-n23y-qjaf-tfcm","summary":"Keycloak XSS via use of malicious payload as group name when creating new group from admin console\nA flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0225","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65469","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65432","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6546","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65474","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65444","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66046","published_at":"2026-04-29T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66036","published_at":"2026-04-24T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66047","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0225"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040268","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2040268"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0225","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0225"},{"reference_url":"https://github.com/advisories/GHSA-fqc7-5xxc-ph7r","reference_id":"GHSA-fqc7-5xxc-ph7r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fqc7-5xxc-ph7r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/291226?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@16.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3bcu-tbpy-gfg6"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@16.1.1"}],"aliases":["CVE-2022-0225","GHSA-fqc7-5xxc-ph7r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n23y-qjaf-tfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20636?format=json","vulnerability_id":"VCID-nhe2-8dtq-gqbf","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39721","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39703","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39432","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61789?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@23.0.0"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12587?format=json","vulnerability_id":"VCID-q38e-e4s5-nkb1","summary":"This advisory has been marked as a False Positive and has been removed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1714","reference_id":"","reference_type":"","scores":[{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84318","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84304","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84276","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84255","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84214","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84237","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84261","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84182","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84252","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02152","scoring_system":"epss","scoring_elements":"0.84196","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1714"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/33863ba16117844930a38ebde57a25258f5b80fd"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7053","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705975","reference_id":"1705975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1705975"},{"reference_url":"https://security.archlinux.org/ASA-202005-8","reference_id":"ASA-202005-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-8"},{"reference_url":"https://security.archlinux.org/AVG-1158","reference_id":"AVG-1158","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1158"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1714","reference_id":"CVE-2020-1714","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1714"},{"reference_url":"https://github.com/advisories/GHSA-m6mm-q862-j366","reference_id":"GHSA-m6mm-q862-j366","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6mm-q862-j366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2814","reference_id":"RHSA-2020:2814","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2814"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2816","reference_id":"RHSA-2020:2816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3017","reference_id":"RHSA-2020:3017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3675","reference_id":"RHSA-2020:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3678","reference_id":"RHSA-2020:3678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4252","reference_id":"RHSA-2020:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80639?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@11.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@11.0.0"}],"aliases":["CVE-2020-1714","GHSA-m6mm-q862-j366"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q38e-e4s5-nkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9704?format=json","vulnerability_id":"VCID-qexf-7axp-9kas","summary":"Improper Certificate Validation\nIt was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10894.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16912","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17237","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17215","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1705","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17084","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16987","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16968","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17088","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1726","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1731","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1718","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10894"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434","reference_id":"1599434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599434"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894","reference_id":"CVE-2018-10894","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10894"},{"reference_url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2","reference_id":"GHSA-xvv8-8wh9-9fh2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvv8-8wh9-9fh2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54020?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@3.4.3.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.3.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/53119?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@3.4.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.3"}],"aliases":["CVE-2018-10894","GHSA-xvv8-8wh9-9fh2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qexf-7axp-9kas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55740?format=json","vulnerability_id":"VCID-s6f1-tnbu-jfaq","summary":"Keycloak leaks sensitive information in logged exceptions\nA flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1698.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1698","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15765","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15734","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15635","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15666","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15663","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15724","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15752","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15621","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1698"},{"reference_url":"https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/62c9e1577618470832ede22dcedd46cba15b1836"},{"reference_url":"https://github.com/keycloak/keycloak/pull/6751","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/6751"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1698","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1698"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790292","reference_id":"1790292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790292"},{"reference_url":"https://github.com/advisories/GHSA-qgmm-f2qw-r95f","reference_id":"GHSA-qgmm-f2qw-r95f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qgmm-f2qw-r95f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5625","reference_id":"RHSA-2020:5625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5625"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72719?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0"}],"aliases":["CVE-2020-1698","GHSA-qgmm-f2qw-r95f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6f1-tnbu-jfaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32464?format=json","vulnerability_id":"VCID-sghy-8wey-5yg5","summary":"Exposure of Sensitive Information to an Unauthorized Actor in Keycloak\nIt was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14820.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14820","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54187","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54233","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54198","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54212","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54146","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54203","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54248","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54231","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14820"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14820"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14820","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14820"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649870","reference_id":"1649870","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649870"},{"reference_url":"https://github.com/advisories/GHSA-xfqh-7356-vqjj","reference_id":"GHSA-xfqh-7356-vqjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xfqh-7356-vqjj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3048","reference_id":"RHSA-2019:3048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3049","reference_id":"RHSA-2019:3049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41068?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0"}],"aliases":["CVE-2019-14820","GHSA-xfqh-7356-vqjj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sghy-8wey-5yg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12563?format=json","vulnerability_id":"VCID-sk6p-vfu6-7kem","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50621","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50556","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50537","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76166?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53365?format=json","vulnerability_id":"VCID-t22n-hvrb-67b5","summary":"Authentication Bypass in keycloak\nA flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-27826","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2020-27826"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27826","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3726","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.377","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37666","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37638","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37685","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37605","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37368","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37538","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37719","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37744","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37687","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905089","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905089"},{"reference_url":"https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27826","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27826"},{"reference_url":"https://security.archlinux.org/AVG-1373","reference_id":"AVG-1373","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1373"},{"reference_url":"https://github.com/advisories/GHSA-m9cj-v55f-8x26","reference_id":"GHSA-m9cj-v55f-8x26","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9cj-v55f-8x26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5526","reference_id":"RHSA-2020:5526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5527","reference_id":"RHSA-2020:5527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5528","reference_id":"RHSA-2020:5528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5533","reference_id":"RHSA-2020:5533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5533"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76166?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0"}],"aliases":["CVE-2020-27826","GHSA-m9cj-v55f-8x26"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t22n-hvrb-67b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42858?format=json","vulnerability_id":"VCID-th5p-51pd-3ffg","summary":"Improper privilege management in Keycloak\nA flaw was found in Keycloak, where it would permit a user with a view-profile role to manage the resources in the new account console. This flaw allows a user with a view-profile role to access and modify data for which the user does not have adequate permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2020-14389"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.34927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35273","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35019","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35177","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35285","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35358","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35321","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35299","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00148","scoring_system":"epss","scoring_elements":"0.35326","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843","reference_id":"1875843","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875843"},{"reference_url":"https://github.com/advisories/GHSA-c9x9-xv66-xp3v","reference_id":"GHSA-c9x9-xv66-xp3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9x9-xv66-xp3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76166?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-d1ua-u2v7-jqf8"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0"}],"aliases":["CVE-2020-14389","GHSA-c9x9-xv66-xp3v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th5p-51pd-3ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55526?format=json","vulnerability_id":"VCID-u5ba-kpd5-67bm","summary":"Keycloak discloses information without authentication\nA flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99349","published_at":"2026-04-02T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99356","published_at":"2026-04-11T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.9936","published_at":"2026-04-29T12:55:00Z"},{"value":"0.85144","scoring_system":"epss","scoring_elements":"0.99359","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1906797"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7790","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7790"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27838"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3","reference_id":"GHSA-pcv5-m2wh-66j3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcv5-m2wh-66j3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76699?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0"}],"aliases":["CVE-2020-27838","GHSA-pcv5-m2wh-66j3"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ba-kpd5-67bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50538?format=json","vulnerability_id":"VCID-v4pf-q8hu-8kda","summary":"Improper Verification of Cryptographic Signature in keycloak\nIt was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10201","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33046","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33311","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33327","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33123","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33291","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33458","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33339","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33372","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33334","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10201","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728609","reference_id":"1728609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728609"},{"reference_url":"https://github.com/advisories/GHSA-4fgq-gq9g-3rw7","reference_id":"GHSA-4fgq-gq9g-3rw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4fgq-gq9g-3rw7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2483","reference_id":"RHSA-2019:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78796?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@7.0.0"}],"aliases":["CVE-2019-10201","GHSA-4fgq-gq9g-3rw7"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4pf-q8hu-8kda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5039?format=json","vulnerability_id":"VCID-vnp3-9ddj-qfa2","summary":"A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14658.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14658","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47014","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47125","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.4712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47069","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47009","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47046","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47066","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47013","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47068","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47064","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47088","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47062","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14658"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a957e118e6efb35fe7ef3a62acd66341a6523cb7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/a957e118e6efb35fe7ef3a62acd66341a6523cb7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625409","reference_id":"1625409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625409"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14658","reference_id":"CVE-2018-14658","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14658"},{"reference_url":"https://github.com/advisories/GHSA-3qh2-mccc-q5m6","reference_id":"GHSA-3qh2-mccc-q5m6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3qh2-mccc-q5m6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/179263?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@3.3.0.CR1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-28sw-q8sc-5ugs"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7mm5-8378-rua3"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-hgu6-1a6g-13bw"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-qexf-7axp-9kas"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-ysrd-zv5b-wfeg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.3.0.CR1"}],"aliases":["CVE-2018-14658","GHSA-3qh2-mccc-q5m6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnp3-9ddj-qfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12718?format=json","vulnerability_id":"VCID-xdxx-tdkj-wbba","summary":"Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48759","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48756","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48804","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48704","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-13285","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514","reference_id":"1812514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758","reference_id":"CVE-2020-1758","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758"},{"reference_url":"https://github.com/advisories/GHSA-c597-f74m-jgc2","reference_id":"GHSA-c597-f74m-jgc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c597-f74m-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48485?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0"}],"aliases":["CVE-2020-1758","GHSA-c597-f74m-jgc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdxx-tdkj-wbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32472?format=json","vulnerability_id":"VCID-y1jz-hqab-pycq","summary":"XSS in Keycloak\nIt was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1697","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51633","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51729","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51737","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51716","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51673","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5159","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51667","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51627","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51704","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1697"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1697","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1697"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791538","reference_id":"1791538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791538"},{"reference_url":"https://github.com/advisories/GHSA-8vf3-4w62-m3pq","reference_id":"GHSA-8vf3-4w62-m3pq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vf3-4w62-m3pq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72719?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@9.0.0"}],"aliases":["CVE-2020-1697","GHSA-8vf3-4w62-m3pq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1jz-hqab-pycq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17729?format=json","vulnerability_id":"VCID-yaxc-7za7-zbbe","summary":"Keycloak vulnerable to untrusted certificate validation\nA flaw was found in Keycloak. This flaw depends on a non-default configuration \"Revalidate Client Certificate\" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of \"Cannot validate client certificate trust: Truststore not available\". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use \"Revalidate Client Certificate\" this flaw is avoidable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1664","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48734","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48688","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48742","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48731","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48787","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48783","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48741","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48727","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48735","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48709","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1664"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T21:33:57Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182196","reference_id":"2182196","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182196"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-1664","reference_id":"CVE-2023-1664","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2023-1664"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1664","reference_id":"CVE-2023-1664","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1664"},{"reference_url":"https://github.com/advisories/GHSA-5cc8-pgp5-7mpm","reference_id":"GHSA-5cc8-pgp5-7mpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cc8-pgp5-7mpm"},{"reference_url":"https://github.com/advisories/GHSA-c892-cwq6-qrqf","reference_id":"GHSA-c892-cwq6-qrqf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c892-cwq6-qrqf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5491","reference_id":"RHSA-2023:5491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5491"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72536?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@21.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@21.1.2"}],"aliases":["CVE-2023-1664","GHSA-5cc8-pgp5-7mpm","GHSA-c892-cwq6-qrqf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yaxc-7za7-zbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32471?format=json","vulnerability_id":"VCID-yp87-przu-bbbg","summary":"Improper Restriction of Rendered UI Layers or Frames in Keycloak\nA vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1728","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32582","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32943","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32985","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32963","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32926","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32779","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32666","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32935","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33064","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32973","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33003","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33006","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-12264","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-12264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1728","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800585","reference_id":"1800585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1800585"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-3gg7-9q2x-79fc","reference_id":"GHSA-3gg7-9q2x-79fc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3gg7-9q2x-79fc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3495","reference_id":"RHSA-2020:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3496","reference_id":"RHSA-2020:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3497","reference_id":"RHSA-2020:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4213","reference_id":"RHSA-2020:4213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4252","reference_id":"RHSA-2020:4252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4252"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48485?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-yaxc-7za7-zbbe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@10.0.0"}],"aliases":["CVE-2020-1728","GHSA-3gg7-9q2x-79fc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp87-przu-bbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10600?format=json","vulnerability_id":"VCID-ysrd-zv5b-wfeg","summary":"Information Exposure\nKeycloak allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1140","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3868","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5089","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50988","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50967","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50973","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50927","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50908","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50934","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50891","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50948","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50946","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3868"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3868"},{"reference_url":"http://www.securityfocus.com/bid/108061","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/108061"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679144","reference_id":"1679144","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679144"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3868","reference_id":"CVE-2019-3868","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3868"},{"reference_url":"https://github.com/advisories/GHSA-gc52-xj6p-9pxp","reference_id":"GHSA-gc52-xj6p-9pxp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc52-xj6p-9pxp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0856","reference_id":"RHSA-2019:0856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0857","reference_id":"RHSA-2019:0857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0868","reference_id":"RHSA-2019:0868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2366","reference_id":"RHSA-2020:2366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36394?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@6.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3ncm-zz6v-2ua2"},{"vulnerability":"VCID-3ued-3fnw-a7h7"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-96mj-gt5k-23ck"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sghy-8wey-5yg5"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-v4pf-q8hu-8kda"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"},{"vulnerability":"VCID-yzy7-9vf5-tfht"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@6.0.0"}],"aliases":["CVE-2019-3868","GHSA-gc52-xj6p-9pxp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ysrd-zv5b-wfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11425?format=json","vulnerability_id":"VCID-yzy7-9vf5-tfht","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10170","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.7306","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72977","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.7297","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73012","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73022","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73014","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73053","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73063","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72913","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72925","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.7292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72958","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.72997","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10170"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721295","reference_id":"1721295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1721295"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10170","reference_id":"CVE-2019-10170","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10170"},{"reference_url":"https://github.com/advisories/GHSA-7m27-3587-83xf","reference_id":"GHSA-7m27-3587-83xf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m27-3587-83xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41068?format=json","purl":"pkg:maven/org.keycloak/keycloak-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-2xyb-g3n4-n3ca"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-49qw-j7rn-qfdf"},{"vulnerability":"VCID-5apu-r7pn-byet"},{"vulnerability":"VCID-6s4w-hv7a-ffaw"},{"vulnerability":"VCID-7j7q-m1zp-zfac"},{"vulnerability":"VCID-7xuf-btg3-ckf6"},{"vulnerability":"VCID-c8ps-95au-zbg5"},{"vulnerability":"VCID-cp2f-bjsx-nkfm"},{"vulnerability":"VCID-djwn-hkwg-g3gk"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-e85z-cn66-fye8"},{"vulnerability":"VCID-e9qa-sy57-fqby"},{"vulnerability":"VCID-eaaa-ejr9-6ygx"},{"vulnerability":"VCID-em5z-nvqy-fucp"},{"vulnerability":"VCID-engr-q4ge-53dc"},{"vulnerability":"VCID-epys-8p8v-zugv"},{"vulnerability":"VCID-fknh-1j7d-jyeq"},{"vulnerability":"VCID-gjy5-c6by-2ufg"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-heqp-u355-wyaz"},{"vulnerability":"VCID-j1rd-aem6-vfgj"},{"vulnerability":"VCID-kp25-fan9-jkd2"},{"vulnerability":"VCID-kzc8-pgz7-6bep"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-q38e-e4s5-nkb1"},{"vulnerability":"VCID-s6f1-tnbu-jfaq"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-t22n-hvrb-67b5"},{"vulnerability":"VCID-th5p-51pd-3ffg"},{"vulnerability":"VCID-u5ba-kpd5-67bm"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-y1jz-hqab-pycq"},{"vulnerability":"VCID-yaxc-7za7-zbbe"},{"vulnerability":"VCID-yp87-przu-bbbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@8.0.0"}],"aliases":["CVE-2019-10170","GHSA-7m27-3587-83xf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzy7-9vf5-tfht"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@1.9.0.Final"}