{"url":"http://public2.vulnerablecode.io/api/packages/254646?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@1.8.0.CR1","type":"maven","namespace":"org.keycloak","name":"keycloak-parent","version":"1.8.0.CR1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53187?format=json","vulnerability_id":"VCID-14c3-xa9j-mbab","summary":"Incorrect implementation of lockout feature in Keycloak\nA flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42077","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42201","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.41991","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42073","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42207","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42225","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42216","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42156","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45057?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14c3-xa9j-mbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12561?format=json","vulnerability_id":"VCID-3248-31p8-tyd4","summary":"Incorrect Authorization\nA flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30145","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3009","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45057?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20721?format=json","vulnerability_id":"VCID-3jpe-awam-wqdz","summary":"Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization\nA flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-0707"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0827","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08113","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08216","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08248","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0828","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p","reference_id":"GHSA-gv94-wp4h-vv8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307386?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1"}],"aliases":["CVE-2026-0707","GHSA-gv94-wp4h-vv8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3jpe-awam-wqdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12527?format=json","vulnerability_id":"VCID-6ure-3hgz-xfgn","summary":"Authentication Bypass by Primary Weakness\nA vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49209","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49288","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49243","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49246","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49263","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49236","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49183","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49215","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591"},{"reference_url":"https://github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://github.com/keycloak/keycloak/issues/12934","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/12934"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-14090","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-14090"},{"reference_url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359","reference_id":"CVE-2020-14359","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359"},{"reference_url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h","reference_id":"GHSA-jh6m-3pqw-242h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45057?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2020-14359","GHSA-jh6m-3pqw-242h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ure-3hgz-xfgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10047?format=json","vulnerability_id":"VCID-78nt-79j3-k3fh","summary":"Cross-site Scripting\nWhen using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14655","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44671","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44672","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4472","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44565","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44593","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44701","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625396","reference_id":"1625396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625396"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14655","reference_id":"CVE-2018-14655","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14655"},{"reference_url":"https://github.com/advisories/GHSA-458h-wv48-fq75","reference_id":"GHSA-458h-wv48-fq75","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-458h-wv48-fq75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/254690?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-evqq-d8uz-9be1"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3"},{"url":"http://public2.vulnerablecode.io/api/packages/254695?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final"}],"aliases":["CVE-2018-14655","GHSA-458h-wv48-fq75"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78nt-79j3-k3fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52356?format=json","vulnerability_id":"VCID-7z49-f322-n7g8","summary":"Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console\nAn issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-2668"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64749","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6473","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64744","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64733","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64759","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64719","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64724","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64698","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668"},{"reference_url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v","reference_id":"GHSA-wf7g-7h6h-678v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80154?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2668","GHSA-wf7g-7h6h-678v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7z49-f322-n7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13947?format=json","vulnerability_id":"VCID-8zrg-f41g-pqfk","summary":"ECP SAML binding bypasses authentication flows\n### Description\nA flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3827"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43248","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43174","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0151","reference_id":"RHSA-2022:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0152","reference_id":"RHSA-2022:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0155","reference_id":"RHSA-2022:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0164","reference_id":"RHSA-2022:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50027?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0"}],"aliases":["CVE-2021-3827","GHSA-4pc7-vqv5-5r3v","GMS-2022-1098"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrg-f41g-pqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14993?format=json","vulnerability_id":"VCID-9bn2-agpc-hfdz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIt was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12158","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71294","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.7131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71279","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71371","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71364","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71331","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71325","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71239","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71257","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71232","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71273","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12158"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489161","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489161"},{"reference_url":"https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618"},{"reference_url":"http://www.securityfocus.com/bid/101618","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101618"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12158","reference_id":"CVE-2017-12158","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12158"},{"reference_url":"https://github.com/advisories/GHSA-v38p-mqq3-m6v5","reference_id":"GHSA-v38p-mqq3-m6v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v38p-mqq3-m6v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/254686?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-evqq-d8uz-9be1"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/51533?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0"}],"aliases":["CVE-2017-12158","GHSA-v38p-mqq3-m6v5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bn2-agpc-hfdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52351?format=json","vulnerability_id":"VCID-cabc-jrpz-vuad","summary":"Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles\nA Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (18.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the default roles functionality. \n\n### CVSS 3.1 - **3.8**\n\n**Vector String:** AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\n\n**Vector Clarification:**\n\n* User interaction is not required as the admin console is regularly used during an administrator's work\n* The scope is unchanged since the admin console web application is both the vulnerable component and where the exploit executes\n\n### Credits\n\nAytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75461","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75383","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75393","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75413","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.7538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75421","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75418","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75452","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75457","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75328","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256"},{"reference_url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49","reference_id":"GHSA-w9mf-83w3-fv49","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80154?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2256","GHSA-w9mf-83w3-fv49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cabc-jrpz-vuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19109?format=json","vulnerability_id":"VCID-dxj3-8sk5-mfdy","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45293","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45418","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45382","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45437","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45458","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4543","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45354","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60142?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxj3-8sk5-mfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10044?format=json","vulnerability_id":"VCID-evqq-d8uz-9be1","summary":"Improper Authentication\nWhen TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14657","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58493","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58512","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.5855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58399","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58485","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58505","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58528","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58534","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625404","reference_id":"1625404","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625404"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14657","reference_id":"CVE-2018-14657","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14657"},{"reference_url":"https://github.com/advisories/GHSA-85v8-vx4w-q684","reference_id":"GHSA-85v8-vx4w-q684","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85v8-vx4w-q684"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/254695?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/84326?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final"}],"aliases":["CVE-2018-14657","GHSA-85v8-vx4w-q684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evqq-d8uz-9be1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5051?format=json","vulnerability_id":"VCID-f763-ps3s-b3ep","summary":"It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12159","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69218","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69169","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69172","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69151","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69201","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.6921","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69059","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69078","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69128","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484111","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484111"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239"},{"reference_url":"https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601"},{"reference_url":"http://www.securityfocus.com/bid/101601","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101601"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keycloak:keycloak:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign_on:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12159","reference_id":"CVE-2017-12159","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12159"},{"reference_url":"https://github.com/advisories/GHSA-7fmw-85qm-h22p","reference_id":"GHSA-7fmw-85qm-h22p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fmw-85qm-h22p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/254686?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-evqq-d8uz-9be1"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/51533?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0"}],"aliases":["CVE-2017-12159","GHSA-7fmw-85qm-h22p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f763-ps3s-b3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12741?format=json","vulnerability_id":"VCID-f8mj-85vd-2yh5","summary":"Allocation of Resources Without Limits or Throttling\nA vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10758","reference_id":"","reference_type":"","scores":[{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67234","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67254","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.6724","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67241","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67253","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67265","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67133","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.6717","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67194","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67221","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843849"},{"reference_url":"https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10758","reference_id":"CVE-2020-10758","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10758"},{"reference_url":"https://github.com/advisories/GHSA-52rg-hpwq-qp56","reference_id":"GHSA-52rg-hpwq-qp56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52rg-hpwq-qp56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3495","reference_id":"RHSA-2020:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3496","reference_id":"RHSA-2020:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3497","reference_id":"RHSA-2020:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3497"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45776?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1"}],"aliases":["CVE-2020-10758","GHSA-52rg-hpwq-qp56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8mj-85vd-2yh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12540?format=json","vulnerability_id":"VCID-gjzp-cqhp-augx","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10748","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57759","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57721","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57649","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57734","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57728","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57783","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57786","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5778","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836786","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836786"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10748","reference_id":"CVE-2020-10748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10748"},{"reference_url":"https://github.com/advisories/GHSA-hgpg-593r-hhvp","reference_id":"GHSA-hgpg-593r-hhvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpg-593r-hhvp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44907?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2"}],"aliases":["CVE-2020-10748","GHSA-hgpg-593r-hhvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjzp-cqhp-augx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53144?format=json","vulnerability_id":"VCID-gndk-728r-9yh7","summary":"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow\nA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66049","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/278537?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21803?format=json","vulnerability_id":"VCID-jkh6-bvx2-dycm","summary":"Keycloak Server-Side Request Forgery (SSRF) vulnerability\nA flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1518"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.014","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01411","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01396","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01572","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01696","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01671","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01675","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01665","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01576","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01561","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37","reference_id":"GHSA-fwhw-chw4-gh37","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307387?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3"}],"aliases":["CVE-2026-1518","GHSA-fwhw-chw4-gh37"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkh6-bvx2-dycm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12582?format=json","vulnerability_id":"VCID-jprv-e2zb-v7bb","summary":"Generation of Error Message Containing Sensitive Information\nA flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39691","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40075","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40038","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40018","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40068","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40039","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39961","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39997","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40064","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-12014","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-12014"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717","reference_id":"CVE-2020-1717","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717"},{"reference_url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf","reference_id":"GHSA-rvfc-g8j5-9ccf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45772?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0"}],"aliases":["CVE-2020-1717","GHSA-rvfc-g8j5-9ccf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jprv-e2zb-v7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12738?format=json","vulnerability_id":"VCID-mumt-rvzk-w7d4","summary":"Improper Authentication\nA flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58618","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5867","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58652","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5862","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58526","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5861","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58659","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58638","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756","reference_id":"1796756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718","reference_id":"CVE-2020-1718","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718"},{"reference_url":"https://github.com/advisories/GHSA-j229-2h63-rvh9","reference_id":"GHSA-j229-2h63-rvh9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j229-2h63-rvh9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45772?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0"}],"aliases":["CVE-2020-1718","GHSA-j229-2h63-rvh9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mumt-rvzk-w7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20636?format=json","vulnerability_id":"VCID-nhe2-8dtq-gqbf","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39721","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3973","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39703","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39708","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39432","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhe2-8dtq-gqbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12578?format=json","vulnerability_id":"VCID-rssz-yqj9-b7h8","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nA vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59673","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59674","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59707","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59715","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59699","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59668","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59688","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59557","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59631","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5969","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59693","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764","reference_id":"1869764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764"},{"reference_url":"https://security.archlinux.org/AVG-1471","reference_id":"AVG-1471","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1471"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366","reference_id":"CVE-2020-14366","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366"},{"reference_url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c","reference_id":"GHSA-cp67-8w3w-6h9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43996?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0"}],"aliases":["CVE-2020-14366","GHSA-cp67-8w3w-6h9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rssz-yqj9-b7h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12563?format=json","vulnerability_id":"VCID-sk6p-vfu6-7kem","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50589","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50574","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50621","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50599","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50548","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50556","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50537","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.5057","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43996?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6p-vfu6-7kem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14396?format=json","vulnerability_id":"VCID-w7ds-xt1u-9uf9","summary":"Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68718","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68671","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68668","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68679","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68659","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68712","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68563","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.686","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68577","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160","reference_id":"CVE-2017-12160","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160"},{"reference_url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7","reference_id":"GHSA-qc72-gfvw-76h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50661?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-9bn2-agpc-hfdz"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-evqq-d8uz-9be1"},{"vulnerability":"VCID-f763-ps3s-b3ep"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-w7ds-xt1u-9uf9"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/254685?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-78nt-79j3-k3fh"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-9bn2-agpc-hfdz"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-evqq-d8uz-9be1"},{"vulnerability":"VCID-f763-ps3s-b3ep"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-jprv-e2zb-v7bb"},{"vulnerability":"VCID-mumt-rvzk-w7d4"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"},{"vulnerability":"VCID-xdxx-tdkj-wbba"},{"vulnerability":"VCID-yk5u-7cuz-7kdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1"}],"aliases":["CVE-2017-12160","GHSA-qc72-gfvw-76h7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7ds-xt1u-9uf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52574?format=json","vulnerability_id":"VCID-xauc-r9cm-sycu","summary":"Keycloak vulnerable to path traversal via double URL encoding\nKeycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3782"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3061","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.3107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31077","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30988","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31019","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30968","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30811","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30693","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31119","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.31166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30985","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971","reference_id":"2138971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971"},{"reference_url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"GHSA-g8q8-fggx-9r3q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1285","reference_id":"RHSA-2023:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1661","reference_id":"RHSA-2023:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2041","reference_id":"RHSA-2023:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3185","reference_id":"RHSA-2023:3185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3815","reference_id":"RHSA-2023:3815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3815"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/307318?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/60142?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-umcf-t6w5-juha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3782","GHSA-g8q8-fggx-9r3q","GMS-2022-8407"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xauc-r9cm-sycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10894?format=json","vulnerability_id":"VCID-xdfe-9zr4-47ax","summary":"Allocation of Resources Without Limits or Throttling\nA flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64538","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64467","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64513","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64505","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64526","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64437","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64468","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64475","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64491","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64495","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637","reference_id":"CVE-2021-3637","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637"},{"reference_url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6","reference_id":"GHSA-2vp8-jv5v-6qh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37344?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-u3tj-vmem-jbb9"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0"}],"aliases":["CVE-2021-3637","GHSA-2vp8-jv5v-6qh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdfe-9zr4-47ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12718?format=json","vulnerability_id":"VCID-xdxx-tdkj-wbba","summary":"Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48706","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48759","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48756","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48747","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48755","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48804","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.488","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4875","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48704","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-13285","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514","reference_id":"1812514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758","reference_id":"CVE-2020-1758","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758"},{"reference_url":"https://github.com/advisories/GHSA-c597-f74m-jgc2","reference_id":"GHSA-c597-f74m-jgc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c597-f74m-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45731?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0"}],"aliases":["CVE-2020-1758","GHSA-c597-f74m-jgc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdxx-tdkj-wbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12714?format=json","vulnerability_id":"VCID-yk5u-7cuz-7kdt","summary":"Incorrect Permission Assignment for Critical Resource\nA flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50939","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51045","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51023","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5097","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50978","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50906","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5096","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50985","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50942","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50999","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.50996","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51039","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51018","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694","reference_id":"CVE-2020-1694","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694"},{"reference_url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w","reference_id":"GHSA-72j4-94rx-cr6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45731?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14c3-xa9j-mbab"},{"vulnerability":"VCID-3248-31p8-tyd4"},{"vulnerability":"VCID-3jpe-awam-wqdz"},{"vulnerability":"VCID-546n-kc1p-cyhm"},{"vulnerability":"VCID-6ure-3hgz-xfgn"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-8cmx-d3j7-vqbz"},{"vulnerability":"VCID-8zrg-f41g-pqfk"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-dxj3-8sk5-mfdy"},{"vulnerability":"VCID-f8mj-85vd-2yh5"},{"vulnerability":"VCID-gjzp-cqhp-augx"},{"vulnerability":"VCID-gndk-728r-9yh7"},{"vulnerability":"VCID-jkh6-bvx2-dycm"},{"vulnerability":"VCID-nhe2-8dtq-gqbf"},{"vulnerability":"VCID-rssz-yqj9-b7h8"},{"vulnerability":"VCID-sk6p-vfu6-7kem"},{"vulnerability":"VCID-umcf-t6w5-juha"},{"vulnerability":"VCID-xauc-r9cm-sycu"},{"vulnerability":"VCID-xdfe-9zr4-47ax"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0"}],"aliases":["CVE-2020-1694","GHSA-72j4-94rx-cr6w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk5u-7cuz-7kdt"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@1.8.0.CR1"}