{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","type":"alpm","namespace":"archlinux","name":"keycloak","version":"16.0.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12561?format=json","vulnerability_id":"VCID-3248-31p8-tyd4","summary":"Incorrect Authorization\nA flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29725","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3011","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29974","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29859","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29648","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29712","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3009","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3015","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30145","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3248-31p8-tyd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12527?format=json","vulnerability_id":"VCID-6ure-3hgz-xfgn","summary":"Authentication Bypass by Primary Weakness\nA vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49217","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49246","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49263","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49236","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49288","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49284","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49254","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49209","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49126","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49189","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49183","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49243","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49194","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591"},{"reference_url":"https://github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://github.com/keycloak/keycloak/issues/12934","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/12934"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-14090","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-14090"},{"reference_url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359","reference_id":"CVE-2020-14359","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359"},{"reference_url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h","reference_id":"GHSA-jh6m-3pqw-242h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2020-14359","GHSA-jh6m-3pqw-242h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ure-3hgz-xfgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80647?format=json","vulnerability_id":"VCID-7nv2-691y-13a1","summary":"keycloak: logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1723.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1723.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1723","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36339","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36372","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36207","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36256","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36275","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36219","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36262","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36246","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36195","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35963","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3593","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35795","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35816","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1723"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770276","reference_id":"1770276","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770276"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2020-1723"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nv2-691y-13a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13947?format=json","vulnerability_id":"VCID-8zrg-f41g-pqfk","summary":"ECP SAML binding bypasses authentication flows\n### Description\nA flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3827"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43038","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43248","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43283","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43218","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.42941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43018","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.4323","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43259","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43196","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0151","reference_id":"RHSA-2022:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0152","reference_id":"RHSA-2022:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0155","reference_id":"RHSA-2022:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0164","reference_id":"RHSA-2022:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2021-3827","GHSA-4pc7-vqv5-5r3v","GMS-2022-1098"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zrg-f41g-pqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13962?format=json","vulnerability_id":"VCID-98yf-g4d3-u3g8","summary":"Keycloak is vulnerable to IDN homograph attack\nA flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3424.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36876","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3732","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37248","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37024","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.3679","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.36856","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37408","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37432","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37324","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37301","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37273","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3424"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933320"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424","reference_id":"CVE-2021-3424","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3424"},{"reference_url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9","reference_id":"GHSA-pf38-cw3p-22q9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf38-cw3p-22q9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2063","reference_id":"RHSA-2021:2063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2063"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2064","reference_id":"RHSA-2021:2064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2065","reference_id":"RHSA-2021:2065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2070","reference_id":"RHSA-2021:2070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2070"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2021-3424","GHSA-pf38-cw3p-22q9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98yf-g4d3-u3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42414?format=json","vulnerability_id":"VCID-d1ua-u2v7-jqf8","summary":"Keycloak Missing authentication for critical function\nA flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20262.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20262.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20262","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13438","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13424","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13428","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13401","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13296","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13199","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13353","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13458","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13558","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1362","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13417","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13547","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13521","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13483","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13437","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13348","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933639","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933639"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20262","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20262"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-xf46-8vvp-4hxx","reference_id":"GHSA-xf46-8vvp-4hxx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xf46-8vvp-4hxx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2021-20262","GHSA-xf46-8vvp-4hxx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ua-u2v7-jqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53144?format=json","vulnerability_id":"VCID-gndk-728r-9yh7","summary":"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow\nA flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66156","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66117","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66179","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6611","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66123","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66049","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gndk-728r-9yh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13966?format=json","vulnerability_id":"VCID-hp5p-7wxk-v3eu","summary":"Cross-Site Request Forgery (CSRF)\nA vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10734.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10734","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05494","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05271","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05291","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05259","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05231","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05176","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0537","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05412","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0541","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05406","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05451","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05137","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05213","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05236","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831662","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1831662"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-13653","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13653"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10734","reference_id":"CVE-2020-10734","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10734"},{"reference_url":"https://github.com/advisories/GHSA-rvjg-gxwx-j5gf","reference_id":"GHSA-rvjg-gxwx-j5gf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvjg-gxwx-j5gf"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-rvjg-gxwx-j5gf","reference_id":"GHSA-rvjg-gxwx-j5gf","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-rvjg-gxwx-j5gf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2020-10734","GHSA-rvjg-gxwx-j5gf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp5p-7wxk-v3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12582?format=json","vulnerability_id":"VCID-jprv-e2zb-v7bb","summary":"Generation of Error Message Containing Sensitive Information\nA flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40068","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40039","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39961","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39691","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39624","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39997","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40064","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40075","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40038","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40018","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-12014","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-12014"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717","reference_id":"CVE-2020-1717","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717"},{"reference_url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf","reference_id":"GHSA-rvfc-g8j5-9ccf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371788?format=json","purl":"pkg:alpm/archlinux/keycloak@16.0.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}],"aliases":["CVE-2020-1717","GHSA-rvfc-g8j5-9ccf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jprv-e2zb-v7bb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/keycloak@16.0.0-1"}