| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| url |
VCID-84mv-ug5g-a3h9 |
| vulnerability_id |
VCID-84mv-ug5g-a3h9 |
| summary |
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0707 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06726 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06705 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06714 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00023 |
| scoring_system |
epss |
| scoring_elements |
0.06697 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-0707 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-0707, GHSA-gv94-wp4h-vv8p
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-84mv-ug5g-a3h9 |
|
| 4 |
| url |
VCID-8bsa-q81m-kqb4 |
| vulnerability_id |
VCID-8bsa-q81m-kqb4 |
| summary |
Keycloak Reflected XSS |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12158 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65743 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65638 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65736 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00483 |
| scoring_system |
epss |
| scoring_elements |
0.65747 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12158 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-ktfu-j9gz-p7d1 |
|
| 10 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 11 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 12 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 13 |
| vulnerability |
VCID-pasa-fk1x-dkdz |
|
| 14 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 15 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 16 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 17 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 18 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 19 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 20 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 21 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 22 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
|
|
| aliases |
CVE-2017-12158, GHSA-v38p-mqq3-m6v5
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsa-q81m-kqb4 |
|
| 5 |
| url |
VCID-c2nr-hks8-4qg1 |
| vulnerability_id |
VCID-c2nr-hks8-4qg1 |
| summary |
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3916 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45709 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45567 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45714 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00226 |
| scoring_system |
epss |
| scoring_elements |
0.45723 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3916 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2nr-hks8-4qg1 |
|
| 6 |
|
| 7 |
| url |
VCID-e3c5-n2b5-fyca |
| vulnerability_id |
VCID-e3c5-n2b5-fyca |
| summary |
Keycloak OAuth Implementation Error |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12160 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00571 |
| scoring_system |
epss |
| scoring_elements |
0.69202 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00571 |
| scoring_system |
epss |
| scoring_elements |
0.69104 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00571 |
| scoring_system |
epss |
| scoring_elements |
0.69196 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00571 |
| scoring_system |
epss |
| scoring_elements |
0.69208 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12160 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-8bsa-q81m-kqb4 |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-e3c5-n2b5-fyca |
|
| 8 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 9 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 10 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 11 |
| vulnerability |
VCID-ktfu-j9gz-p7d1 |
|
| 12 |
| vulnerability |
VCID-kx1h-zypy-53ed |
|
| 13 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 14 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 15 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 16 |
| vulnerability |
VCID-pasa-fk1x-dkdz |
|
| 17 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 18 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 19 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 20 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 21 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 22 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 23 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 24 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 25 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1 |
| purl |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-8bsa-q81m-kqb4 |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 8 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 9 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 10 |
| vulnerability |
VCID-ktfu-j9gz-p7d1 |
|
| 11 |
| vulnerability |
VCID-kx1h-zypy-53ed |
|
| 12 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 13 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 14 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 15 |
| vulnerability |
VCID-pasa-fk1x-dkdz |
|
| 16 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 17 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 18 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 19 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 20 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 21 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 22 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 23 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 24 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1 |
|
|
| aliases |
CVE-2017-12160, GHSA-qc72-gfvw-76h7
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3c5-n2b5-fyca |
|
| 8 |
|
| 9 |
| url |
VCID-hvwy-pv1y-sqeg |
| vulnerability_id |
VCID-hvwy-pv1y-sqeg |
| summary |
Improper Authentication for Keycloak |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1718 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.59147 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.59035 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.59149 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00367 |
| scoring_system |
epss |
| scoring_elements |
0.59158 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1718 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@8.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-parent@8.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 8 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 9 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 10 |
| vulnerability |
VCID-nw7d-d5r1-kua8 |
|
| 11 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 12 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 13 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 14 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 15 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 16 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 17 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 18 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 19 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0 |
|
|
| aliases |
CVE-2020-1718, GHSA-j229-2h63-rvh9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hvwy-pv1y-sqeg |
|
| 10 |
|
| 11 |
| url |
VCID-ktfu-j9gz-p7d1 |
| vulnerability_id |
VCID-ktfu-j9gz-p7d1 |
| summary |
Keycloak vulnerable to cross-site scripting via the state parameter |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14655 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44917 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44765 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44916 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.0022 |
| scoring_system |
epss |
| scoring_elements |
0.44931 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14655 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3 |
| purl |
pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 10 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 11 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 12 |
| vulnerability |
VCID-pasa-fk1x-dkdz |
|
| 13 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 14 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 15 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 16 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 17 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 18 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 19 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 20 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 21 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 10 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 11 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 12 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 13 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 14 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 15 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 16 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 17 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 18 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 19 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 20 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
|
|
| aliases |
CVE-2018-14655, GHSA-458h-wv48-fq75
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ktfu-j9gz-p7d1 |
|
| 12 |
| url |
VCID-kx1h-zypy-53ed |
| vulnerability_id |
VCID-kx1h-zypy-53ed |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12159 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00312 |
| scoring_system |
epss |
| scoring_elements |
0.54901 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00312 |
| scoring_system |
epss |
| scoring_elements |
0.54776 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00312 |
| scoring_system |
epss |
| scoring_elements |
0.549 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00312 |
| scoring_system |
epss |
| scoring_elements |
0.54917 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12159 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-ktfu-j9gz-p7d1 |
|
| 10 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 11 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 12 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 13 |
| vulnerability |
VCID-pasa-fk1x-dkdz |
|
| 14 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 15 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 16 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 17 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 18 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 19 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 20 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 21 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 22 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final |
|
|
| aliases |
CVE-2017-12159, GHSA-7fmw-85qm-h22p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kx1h-zypy-53ed |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
| url |
VCID-pasa-fk1x-dkdz |
| vulnerability_id |
VCID-pasa-fk1x-dkdz |
| summary |
Keycloak Improper Bruteforce Detection |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14657 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57686 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57563 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57679 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00346 |
| scoring_system |
epss |
| scoring_elements |
0.57695 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14657 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 10 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 11 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 12 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 13 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 14 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 15 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 16 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 17 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 18 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 19 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 20 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final |
|
| 1 |
| url |
pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final |
| purl |
pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 4 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 5 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 6 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 7 |
| vulnerability |
VCID-hvwy-pv1y-sqeg |
|
| 8 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 9 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 10 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 11 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 12 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 13 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 14 |
| vulnerability |
VCID-v9s6-g89x-akbd |
|
| 15 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 16 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 17 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 18 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
| 19 |
| vulnerability |
VCID-zneb-4cqe-kyaj |
|
| 20 |
| vulnerability |
VCID-ztxp-j5gt-4qdb |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final |
|
|
| aliases |
CVE-2018-14657, GHSA-85v8-vx4w-q684
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pasa-fk1x-dkdz |
|
| 17 |
|
| 18 |
|
| 19 |
| url |
VCID-v9s6-g89x-akbd |
| vulnerability_id |
VCID-v9s6-g89x-akbd |
| summary |
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-7xs3-dzkt-tfgq |
|
| 4 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 8 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 9 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 10 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 11 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 12 |
| vulnerability |
VCID-nw7d-d5r1-kua8 |
|
| 13 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 14 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 15 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 16 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 17 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 18 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 19 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
|
|
| aliases |
CVE-2020-1694, GHSA-72j4-94rx-cr6w
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v9s6-g89x-akbd |
|
| 20 |
| url |
VCID-w2zv-nrcz-nyhj |
| vulnerability_id |
VCID-w2zv-nrcz-nyhj |
| summary |
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3782 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38126 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.37937 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38113 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00169 |
| scoring_system |
epss |
| scoring_elements |
0.38138 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-3782 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3782, GHSA-g8q8-fggx-9r3q, GMS-2022-8407
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2zv-nrcz-nyhj |
|
| 21 |
|
| 22 |
| url |
VCID-wfeg-6241-cucs |
| vulnerability_id |
VCID-wfeg-6241-cucs |
| summary |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6291 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39684 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39694 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.39499 |
| published_at |
2026-06-11T12:55:00Z |
|
| 3 |
| value |
0.00181 |
| scoring_system |
epss |
| scoring_elements |
0.3967 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-6291 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wfeg-6241-cucs |
|
| 23 |
| url |
VCID-wsxe-rr25-efbc |
| vulnerability_id |
VCID-wsxe-rr25-efbc |
| summary |
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1518 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.0215 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02141 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.02144 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00013 |
| scoring_system |
epss |
| scoring_elements |
0.0214 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-1518 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-1518, GHSA-fwhw-chw4-gh37
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wsxe-rr25-efbc |
|
| 24 |
|
| 25 |
| url |
VCID-ztxp-j5gt-4qdb |
| vulnerability_id |
VCID-ztxp-j5gt-4qdb |
| summary |
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1758 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.49187 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.4905 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.49195 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00254 |
| scoring_system |
epss |
| scoring_elements |
0.49205 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1758 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
| purl |
pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-18mj-nf1g-eudw |
|
| 1 |
| vulnerability |
VCID-3rur-12kv-m7hb |
|
| 2 |
| vulnerability |
VCID-4whe-byzu-uber |
|
| 3 |
| vulnerability |
VCID-7xs3-dzkt-tfgq |
|
| 4 |
| vulnerability |
VCID-84mv-ug5g-a3h9 |
|
| 5 |
| vulnerability |
VCID-c2nr-hks8-4qg1 |
|
| 6 |
| vulnerability |
VCID-cbrs-98sn-mqfq |
|
| 7 |
| vulnerability |
VCID-db3z-zawx-kuc4 |
|
| 8 |
| vulnerability |
VCID-h6ky-xtx2-augv |
|
| 9 |
| vulnerability |
VCID-kj39-hw6e-3ugc |
|
| 10 |
| vulnerability |
VCID-kyss-1ab7-77ef |
|
| 11 |
| vulnerability |
VCID-mapz-gvsn-2qhj |
|
| 12 |
| vulnerability |
VCID-nw7d-d5r1-kua8 |
|
| 13 |
| vulnerability |
VCID-p3em-yab1-6bbk |
|
| 14 |
| vulnerability |
VCID-rvcz-9csv-gfb4 |
|
| 15 |
| vulnerability |
VCID-u9df-phf1-83gr |
|
| 16 |
| vulnerability |
VCID-w2zv-nrcz-nyhj |
|
| 17 |
| vulnerability |
VCID-we56-zj4r-eqdw |
|
| 18 |
| vulnerability |
VCID-wfeg-6241-cucs |
|
| 19 |
| vulnerability |
VCID-wsxe-rr25-efbc |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0 |
|
|
| aliases |
CVE-2020-1758, GHSA-c597-f74m-jgc2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ztxp-j5gt-4qdb |
|