Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-core@11.0.2
Typemaven
Namespaceorg.keycloak
Namekeycloak-core
Version11.0.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version21.1.2
Latest_non_vulnerable_version26.0.6
Affected_by_vulnerabilities
0
url VCID-361y-pegm-gqbs
vulnerability_id VCID-361y-pegm-gqbs
summary 
Improper authorization in Keycloak
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36403
published_at 2026-06-05T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36309
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1466
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2050228
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-076.txt
5
reference_url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.syss.de/pentest-blog/fehlerhafte-autorisierung-bei-red-hat-single-sign-on-750ga-syss-2021-076
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
reference_id CVE-2022-1466
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1466
7
reference_url https://github.com/advisories/GHSA-f32v-vf79-p29q
reference_id GHSA-f32v-vf79-p29q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f32v-vf79-p29q
8
reference_url https://access.redhat.com/errata/RHSA-2022:0449
reference_id RHSA-2022:0449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0449
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@17.0.1
purl pkg:maven/org.keycloak/keycloak-core@17.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9cgx-nsyr-gyc3
1
vulnerability VCID-ch1b-adh9-skah
2
vulnerability VCID-crj8-4jaa-yyes
3
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@17.0.1
aliases CVE-2022-1466, GHSA-f32v-vf79-p29q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-361y-pegm-gqbs
1
url VCID-3kg4-uvgq-5khf
vulnerability_id VCID-3kg4-uvgq-5khf
summary 
Server-Side Request Forgery (SSRF)
A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the `OIDC` parameter `request_uri`. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
references
0
reference_url http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10770.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10770
reference_id
reference_type
scores
0
value 0.92282
scoring_system epss
scoring_elements 0.99734
published_at 2026-06-05T12:55:00Z
1
value 0.92282
scoring_system epss
scoring_elements 0.99735
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10770
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1846270
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1846270
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/55a064a978b0b7e0f0b93c33931f7dabe7d0d5e2
6
reference_url https://github.com/keycloak/keycloak-documentation/pull/1086
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-documentation/pull/1086
7
reference_url https://github.com/keycloak/keycloak/pull/7714
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7714
8
reference_url https://issues.redhat.com/browse/KEYCLOAK-14019
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-14019
9
reference_url https://issues.redhat.com/browse/KEYCLOAK-3426
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-3426
10
reference_url https://security.archlinux.org/AVG-1577
reference_id AVG-1577
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1577
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
reference_id CVE-2020-10770
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50405.py
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10770
reference_id CVE-2020-10770
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10770
13
reference_url https://github.com/advisories/GHSA-jh7q-5mwf-qvhw
reference_id GHSA-jh7q-5mwf-qvhw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh7q-5mwf-qvhw
14
reference_url https://access.redhat.com/errata/RHSA-2021:0318
reference_id RHSA-2021:0318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0318
15
reference_url https://access.redhat.com/errata/RHSA-2021:0319
reference_id RHSA-2021:0319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0319
16
reference_url https://access.redhat.com/errata/RHSA-2021:0320
reference_id RHSA-2021:0320
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0320
17
reference_url https://access.redhat.com/errata/RHSA-2021:0327
reference_id RHSA-2021:0327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0327
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@12.0.2
purl pkg:maven/org.keycloak/keycloak-core@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-7662-z35s-9qeq
3
vulnerability VCID-8ze1-r95u-xbg8
4
vulnerability VCID-9cgx-nsyr-gyc3
5
vulnerability VCID-ch1b-adh9-skah
6
vulnerability VCID-crj8-4jaa-yyes
7
vulnerability VCID-cxx9-9gwy-xyb6
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hjue-s41w-bye9
10
vulnerability VCID-jbzy-b52n-4kcx
11
vulnerability VCID-jm25-gtrc-zuhh
12
vulnerability VCID-qjhb-ubp5-ukdy
13
vulnerability VCID-vs8q-ywf1-3qa2
14
vulnerability VCID-wt2c-cyu2-kbgm
15
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.2
1
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2020-10770, GHSA-jh7q-5mwf-qvhw
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kg4-uvgq-5khf
2
url VCID-6gee-p7fr-1yhy
vulnerability_id VCID-6gee-p7fr-1yhy
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20222
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63543
published_at 2026-06-05T12:55:00Z
1
value 0.0044
scoring_system epss
scoring_elements 0.635
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20222
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924606
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1924606
3
reference_url https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/3b80eee5bfdf2b80c47465c0f2eaf70074808741
4
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
5
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
6
reference_url https://access.redhat.com/security/cve/cve-2021-20222
reference_id CVE-2021-20222
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-20222
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20222
reference_id CVE-2021-20222
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20222
8
reference_url https://github.com/advisories/GHSA-2mq8-99q7-55wx
reference_id GHSA-2mq8-99q7-55wx
reference_type
scores
url https://github.com/advisories/GHSA-2mq8-99q7-55wx
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2021-20222, GHSA-2mq8-99q7-55wx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gee-p7fr-1yhy
3
url VCID-7662-z35s-9qeq
vulnerability_id VCID-7662-z35s-9qeq
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3513
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42063
published_at 2026-06-04T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42137
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/7976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
reference_id 1953439
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
7
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
8
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
9
reference_url https://github.com/advisories/GHSA-xv7h-95r7-595j
reference_id GHSA-xv7h-95r7-595j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7h-95r7-595j
10
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
11
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
12
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
13
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2021-3513, GHSA-xv7h-95r7-595j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq
4
url VCID-8ze1-r95u-xbg8
vulnerability_id VCID-8ze1-r95u-xbg8
summary keycloak: Stored XSS in groups dropdown
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0225.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66772
published_at 2026-06-05T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66732
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0225
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0225
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
reference_id 2040268
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2040268
6
reference_url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
reference_id GHSA-fqc7-5xxc-ph7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqc7-5xxc-ph7r
7
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
8
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
9
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
10
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
11
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
12
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
13
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@16.1.1
purl pkg:maven/org.keycloak/keycloak-core@16.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-9cgx-nsyr-gyc3
2
vulnerability VCID-ch1b-adh9-skah
3
vulnerability VCID-crj8-4jaa-yyes
4
vulnerability VCID-dvk9-qsq9-4uc3
5
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@16.1.1
aliases CVE-2022-0225, GHSA-fqc7-5xxc-ph7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ze1-r95u-xbg8
5
url VCID-9cgx-nsyr-gyc3
vulnerability_id VCID-9cgx-nsyr-gyc3
summary 
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
### Summary

A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release (16.0.1). The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the groups' dropdown functionality. 

### Impact

Successful attacks of this vulnerability can result a privileged attacker to load a XSS script, and steal data from other users. The impact can be considered moderate to low, considering privileged credentials are required.

### References
- Please refer to the Keycloak Security mailing list for more information.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m
2
reference_url https://github.com/advisories/GHSA-755v-r4x4-qf7m
reference_id GHSA-755v-r4x4-qf7m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-755v-r4x4-qf7m
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.0
purl pkg:maven/org.keycloak/keycloak-core@20.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ch1b-adh9-skah
1
vulnerability VCID-crj8-4jaa-yyes
2
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.0
aliases GHSA-755v-r4x4-qf7m, GMS-2022-7509
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cgx-nsyr-gyc3
6
url VCID-9wq8-wqya-87dw
vulnerability_id VCID-9wq8-wqya-87dw
summary 
Execution with Unnecessary Privileges
A flaw was found in Keycloak where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27826.json
1
reference_url https://access.redhat.com/security/cve/cve-2020-27826
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2020-27826
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27826
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37413
published_at 2026-06-05T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37322
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27826
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1905089
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1905089
4
reference_url https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/dae4a3eaf26590b8d441b8e4bec3b700ee303b72
5
reference_url https://security.archlinux.org/AVG-1373
reference_id AVG-1373
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1373
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27826
reference_id CVE-2020-27826
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27826
7
reference_url https://github.com/advisories/GHSA-m9cj-v55f-8x26
reference_id GHSA-m9cj-v55f-8x26
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9cj-v55f-8x26
8
reference_url https://access.redhat.com/errata/RHSA-2020:5526
reference_id RHSA-2020:5526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5526
9
reference_url https://access.redhat.com/errata/RHSA-2020:5527
reference_id RHSA-2020:5527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5527
10
reference_url https://access.redhat.com/errata/RHSA-2020:5528
reference_id RHSA-2020:5528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5528
11
reference_url https://access.redhat.com/errata/RHSA-2020:5533
reference_id RHSA-2020:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5533
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@12.0.0
purl pkg:maven/org.keycloak/keycloak-core@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8ze1-r95u-xbg8
5
vulnerability VCID-9cgx-nsyr-gyc3
6
vulnerability VCID-ch1b-adh9-skah
7
vulnerability VCID-crj8-4jaa-yyes
8
vulnerability VCID-cxx9-9gwy-xyb6
9
vulnerability VCID-gr2e-ntp4-9fdg
10
vulnerability VCID-hjue-s41w-bye9
11
vulnerability VCID-jbzy-b52n-4kcx
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-pu4g-rbu2-nbdb
14
vulnerability VCID-qjhb-ubp5-ukdy
15
vulnerability VCID-vs8q-ywf1-3qa2
16
vulnerability VCID-wt2c-cyu2-kbgm
17
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0
aliases CVE-2020-27826, GHSA-m9cj-v55f-8x26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wq8-wqya-87dw
7
url VCID-ch1b-adh9-skah
vulnerability_id VCID-ch1b-adh9-skah
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
reference_id
reference_type
scores
0
value 0.00993
scoring_system epss
scoring_elements 0.77283
published_at 2026-06-05T12:55:00Z
1
value 0.00993
scoring_system epss
scoring_elements 0.77252
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1274
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2073157
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
5
reference_url https://github.com/keycloak/keycloak/pull/16764
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/16764
6
reference_url https://herolab.usd.de/security-advisories/usd-2021-0033
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2021-0033
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
reference_id CVE-2022-1274
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1274
8
reference_url https://github.com/advisories/GHSA-m4fv-gm5m-4725
reference_id GHSA-m4fv-gm5m-4725
reference_type
scores
url https://github.com/advisories/GHSA-m4fv-gm5m-4725
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
reference_id GHSA-m4fv-gm5m-4725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.5
purl pkg:maven/org.keycloak/keycloak-core@20.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.5
aliases CVE-2022-1274, GHSA-m4fv-gm5m-4725, GMS-2023-528
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ch1b-adh9-skah
8
url VCID-crj8-4jaa-yyes
vulnerability_id VCID-crj8-4jaa-yyes
summary keycloak: Client Registration endpoint does not check token revocation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0091.json
1
reference_url https://access.redhat.com/security/cve/CVE-2023-0091
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T14:08:50Z/
url https://access.redhat.com/security/cve/CVE-2023-0091
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52817
published_at 2026-06-05T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52758
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0091
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-v436-q368-hvgg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0091
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
reference_id 2158585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2158585
7
reference_url https://github.com/advisories/GHSA-v436-q368-hvgg
reference_id GHSA-v436-q368-hvgg
reference_type
scores
url https://github.com/advisories/GHSA-v436-q368-hvgg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@20.0.3
purl pkg:maven/org.keycloak/keycloak-core@20.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ch1b-adh9-skah
1
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@20.0.3
aliases CVE-2023-0091, GHSA-v436-q368-hvgg, GMS-2023-37
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crj8-4jaa-yyes
9
url VCID-cxx9-9gwy-xyb6
vulnerability_id VCID-cxx9-9gwy-xyb6
summary certificate verification bypass
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35509.json
1
reference_url https://access.redhat.com/security/cve/cve-2020-35509
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-30T19:38:02Z/
url https://access.redhat.com/security/cve/cve-2020-35509
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35509
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24972
published_at 2026-06-04T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.25068
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35509
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76
5
reference_url https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
6
reference_url https://github.com/keycloak/keycloak/pull/6330
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/6330
7
reference_url https://github.com/keycloak/keycloak/pull/8067
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8067
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35509
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35509
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1912427
reference_id 1912427
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1912427
10
reference_url https://security.archlinux.org/ASA-202106-53
reference_id ASA-202106-53
reference_type
scores
url https://security.archlinux.org/ASA-202106-53
11
reference_url https://security.archlinux.org/AVG-2084
reference_id AVG-2084
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2084
12
reference_url https://github.com/advisories/GHSA-rpj2-w6fr-79hc
reference_id GHSA-rpj2-w6fr-79hc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rpj2-w6fr-79hc
13
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
14
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
15
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
16
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@14.0.0
purl pkg:maven/org.keycloak/keycloak-core@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-qjhb-ubp5-ukdy
6
vulnerability VCID-vs8q-ywf1-3qa2
7
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@14.0.0
aliases CVE-2020-35509, GHSA-rpj2-w6fr-79hc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxx9-9gwy-xyb6
10
url VCID-dc8s-fqv5-1uhk
vulnerability_id VCID-dc8s-fqv5-1uhk
summary 
Improper Privilege Management
It was found that Keycloak would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14389.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.3499
published_at 2026-06-04T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35086
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14389
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
reference_id 1875843
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1875843
3
reference_url https://access.redhat.com/security/cve/cve-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2020-14389
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
reference_id CVE-2020-14389
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14389
5
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
6
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
8
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@12.0.0
purl pkg:maven/org.keycloak/keycloak-core@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8ze1-r95u-xbg8
5
vulnerability VCID-9cgx-nsyr-gyc3
6
vulnerability VCID-ch1b-adh9-skah
7
vulnerability VCID-crj8-4jaa-yyes
8
vulnerability VCID-cxx9-9gwy-xyb6
9
vulnerability VCID-gr2e-ntp4-9fdg
10
vulnerability VCID-hjue-s41w-bye9
11
vulnerability VCID-jbzy-b52n-4kcx
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-pu4g-rbu2-nbdb
14
vulnerability VCID-qjhb-ubp5-ukdy
15
vulnerability VCID-vs8q-ywf1-3qa2
16
vulnerability VCID-wt2c-cyu2-kbgm
17
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0
aliases CVE-2020-14389, GHSA-c9x9-xv66-xp3v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc8s-fqv5-1uhk
11
url VCID-gr2e-ntp4-9fdg
vulnerability_id VCID-gr2e-ntp4-9fdg
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29814
published_at 2026-06-05T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29746
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-16550
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-16550
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
reference_id CVE-2020-1725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
6
reference_url https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id GHSA-p225-pc2x-4jpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p225-pc2x-4jpm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg
12
url VCID-hjue-s41w-bye9
vulnerability_id VCID-hjue-s41w-bye9
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14302.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14302
reference_id
reference_type
scores
0
value 0.00154
scoring_system epss
scoring_elements 0.35824
published_at 2026-06-04T12:55:00Z
1
value 0.00154
scoring_system epss
scoring_elements 0.3592
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14302
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1849584
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1849584
3
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
4
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14302
reference_id CVE-2020-14302
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-14302
6
reference_url https://access.redhat.com/errata/RHSA-2021:0967
reference_id RHSA-2021:0967
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0967
7
reference_url https://access.redhat.com/errata/RHSA-2021:0968
reference_id RHSA-2021:0968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0968
8
reference_url https://access.redhat.com/errata/RHSA-2021:0969
reference_id RHSA-2021:0969
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0969
9
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2020-14302
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjue-s41w-bye9
13
url VCID-jbzy-b52n-4kcx
vulnerability_id VCID-jbzy-b52n-4kcx
summary cross-site scripting
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20195
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54063
published_at 2026-06-05T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.54006
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20195
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1919143
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1919143
3
reference_url https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/717d9515fa131e3d8c8936e41b2e52270fdec976
4
reference_url https://security.archlinux.org/ASA-202102-29
reference_id ASA-202102-29
reference_type
scores
url https://security.archlinux.org/ASA-202102-29
5
reference_url https://security.archlinux.org/AVG-1578
reference_id AVG-1578
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1578
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20195
reference_id CVE-2021-20195
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20195
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@12.0.3
purl pkg:maven/org.keycloak/keycloak-core@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-6gee-p7fr-1yhy
2
vulnerability VCID-7662-z35s-9qeq
3
vulnerability VCID-8ze1-r95u-xbg8
4
vulnerability VCID-9cgx-nsyr-gyc3
5
vulnerability VCID-ch1b-adh9-skah
6
vulnerability VCID-crj8-4jaa-yyes
7
vulnerability VCID-cxx9-9gwy-xyb6
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hjue-s41w-bye9
10
vulnerability VCID-jm25-gtrc-zuhh
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-vs8q-ywf1-3qa2
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.3
1
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2021-20195, GHSA-q6w2-89hq-hq27
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbzy-b52n-4kcx
14
url VCID-jm25-gtrc-zuhh
vulnerability_id VCID-jm25-gtrc-zuhh
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20202.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14449
published_at 2026-06-04T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14519
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20202
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1922128
3
reference_url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-7gf3-89f6-823j
4
reference_url https://issues.redhat.com/browse/KEYCLOAK-17000
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-17000
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
reference_id CVE-2021-20202
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20202
8
reference_url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
reference_id GHSA-6xp6-fmc8-pmmr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xp6-fmc8-pmmr
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2021-20202, GHSA-6xp6-fmc8-pmmr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm25-gtrc-zuhh
15
url VCID-qjhb-ubp5-ukdy
vulnerability_id VCID-qjhb-ubp5-ukdy
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.6649
published_at 2026-06-05T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.6645
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
5
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id 1978196
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
9
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@15.1.0
purl pkg:maven/org.keycloak/keycloak-core@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-dvk9-qsq9-4uc3
6
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy
16
url VCID-vs8q-ywf1-3qa2
vulnerability_id VCID-vs8q-ywf1-3qa2
summary keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3856.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3856
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3856
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3856
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58775
published_at 2026-06-05T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.58728
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3856
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/73f0474008e1bebd0733e62a22aceda9e5de6743
5
reference_url https://github.com/keycloak/keycloak/pull/8588
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8588
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-19422
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-19422
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3856
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3856
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2010164
reference_id 2010164
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2010164
9
reference_url https://github.com/advisories/GHSA-3w4v-rvc4-2xpw
reference_id GHSA-3w4v-rvc4-2xpw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w4v-rvc4-2xpw
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@15.1.0
purl pkg:maven/org.keycloak/keycloak-core@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-dvk9-qsq9-4uc3
6
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@15.1.0
aliases CVE-2021-3856, GHSA-3w4v-rvc4-2xpw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs8q-ywf1-3qa2
17
url VCID-wt2c-cyu2-kbgm
vulnerability_id VCID-wt2c-cyu2-kbgm
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27838.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
reference_id
reference_type
scores
0
value 0.85144
scoring_system epss
scoring_elements 0.99373
published_at 2026-06-05T12:55:00Z
1
value 0.85144
scoring_system epss
scoring_elements 0.99371
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27838
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1906797
3
reference_url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9356843c6c3d7097d010b3bb6f91e25fcaba378c
4
reference_url https://github.com/keycloak/keycloak/pull/7790
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7790
5
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
6
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
reference_id CVE-2020-27838
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27838
8
reference_url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
reference_id GHSA-pcv5-m2wh-66j3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pcv5-m2wh-66j3
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@13.0.0
purl pkg:maven/org.keycloak/keycloak-core@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-8ze1-r95u-xbg8
2
vulnerability VCID-9cgx-nsyr-gyc3
3
vulnerability VCID-ch1b-adh9-skah
4
vulnerability VCID-crj8-4jaa-yyes
5
vulnerability VCID-cxx9-9gwy-xyb6
6
vulnerability VCID-qjhb-ubp5-ukdy
7
vulnerability VCID-vs8q-ywf1-3qa2
8
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@13.0.0
aliases CVE-2020-27838, GHSA-pcv5-m2wh-66j3
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wt2c-cyu2-kbgm
18
url VCID-y9de-4w6u-abfa
vulnerability_id VCID-y9de-4w6u-abfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50801
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50741
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@12.0.0
purl pkg:maven/org.keycloak/keycloak-core@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-361y-pegm-gqbs
1
vulnerability VCID-3kg4-uvgq-5khf
2
vulnerability VCID-6gee-p7fr-1yhy
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8ze1-r95u-xbg8
5
vulnerability VCID-9cgx-nsyr-gyc3
6
vulnerability VCID-ch1b-adh9-skah
7
vulnerability VCID-crj8-4jaa-yyes
8
vulnerability VCID-cxx9-9gwy-xyb6
9
vulnerability VCID-gr2e-ntp4-9fdg
10
vulnerability VCID-hjue-s41w-bye9
11
vulnerability VCID-jbzy-b52n-4kcx
12
vulnerability VCID-jm25-gtrc-zuhh
13
vulnerability VCID-pu4g-rbu2-nbdb
14
vulnerability VCID-qjhb-ubp5-ukdy
15
vulnerability VCID-vs8q-ywf1-3qa2
16
vulnerability VCID-wt2c-cyu2-kbgm
17
vulnerability VCID-zabp-1j4k-9bf8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa
19
url VCID-zabp-1j4k-9bf8
vulnerability_id VCID-zabp-1j4k-9bf8
summary 
Keycloak vulnerable to untrusted certificate validation
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1664.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1664
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48989
published_at 2026-06-05T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48927
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1664
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T21:33:57Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2182196&comment#0
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-5cc8-pgp5-7mpm
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182196
reference_id 2182196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182196
6
reference_url https://access.redhat.com/security/cve/CVE-2023-1664
reference_id CVE-2023-1664
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2023-1664
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1664
reference_id CVE-2023-1664
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1664
8
reference_url https://github.com/advisories/GHSA-c892-cwq6-qrqf
reference_id GHSA-c892-cwq6-qrqf
reference_type
scores
url https://github.com/advisories/GHSA-c892-cwq6-qrqf
9
reference_url https://access.redhat.com/errata/RHSA-2023:5491
reference_id RHSA-2023:5491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5491
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-core@21.1.2
purl pkg:maven/org.keycloak/keycloak-core@21.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@21.1.2
aliases CVE-2023-1664, GHSA-5cc8-pgp5-7mpm, GHSA-c892-cwq6-qrqf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zabp-1j4k-9bf8
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@11.0.2