Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-parent@1.2.0.CR1
Typemaven
Namespaceorg.keycloak
Namekeycloak-parent
Version1.2.0.CR1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-1bps-7j9p-a3b6
vulnerability_id VCID-1bps-7j9p-a3b6
summary 
Keycloak Server-Side Request Forgery (SSRF) vulnerability
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02152
published_at 2026-06-08T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02178
published_at 2026-06-05T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02184
published_at 2026-06-06T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02165
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1518
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433727
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://access.redhat.com/security/cve/CVE-2026-1518
reference_id CVE-2026-1518
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/
url https://access.redhat.com/security/cve/CVE-2026-1518
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
reference_id CVE-2026-1518
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1518
7
reference_url https://github.com/advisories/GHSA-fwhw-chw4-gh37
reference_id GHSA-fwhw-chw4-gh37
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhw-chw4-gh37
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.3
purl pkg:maven/org.keycloak/keycloak-parent@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3
aliases CVE-2026-1518, GHSA-fwhw-chw4-gh37
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6
1
url VCID-2qmw-afpp-7qa8
vulnerability_id VCID-2qmw-afpp-7qa8
summary 
Improper Authentication
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.58951
published_at 2026-06-08T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58922
published_at 2026-06-04T12:55:00Z
2
value 0.00367
scoring_system epss
scoring_elements 0.5897
published_at 2026-06-05T12:55:00Z
3
value 0.00367
scoring_system epss
scoring_elements 0.58974
published_at 2026-06-06T12:55:00Z
4
value 0.00367
scoring_system epss
scoring_elements 0.58966
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1718
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
reference_id 1796756
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1796756
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
reference_id CVE-2020-1718
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1718
5
reference_url https://github.com/advisories/GHSA-j229-2h63-rvh9
reference_id GHSA-j229-2h63-rvh9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j229-2h63-rvh9
6
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
7
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
8
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2252
reference_id RHSA-2020:2252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2252
11
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
12
reference_url https://access.redhat.com/errata/RHSA-2020:3196
reference_id RHSA-2020:3196
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3196
13
reference_url https://access.redhat.com/errata/RHSA-2020:3197
reference_id RHSA-2020:3197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3197
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@8.0.0
purl pkg:maven/org.keycloak/keycloak-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-7662-z35s-9qeq
3
vulnerability VCID-8sqn-nkzx-euec
4
vulnerability VCID-9kte-cfz7-hqa3
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-gr2e-ntp4-9fdg
7
vulnerability VCID-hr92-2apu-abg5
8
vulnerability VCID-kfxs-f5j7-mfhu
9
vulnerability VCID-ku7s-gnhp-a3du
10
vulnerability VCID-qjhb-ubp5-ukdy
11
vulnerability VCID-rb4v-3kux-4fas
12
vulnerability VCID-rt61-271c-nkgk
13
vulnerability VCID-t8wj-9vkr-hbc6
14
vulnerability VCID-wq2e-1xds-3qah
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y36z-qpqd-37cs
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0
aliases CVE-2020-1718, GHSA-j229-2h63-rvh9
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8
2
url VCID-39am-wkz3-8ubu
vulnerability_id VCID-39am-wkz3-8ubu
summary 
Cross-site Scripting
When using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3592
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3592
1
reference_url https://access.redhat.com/errata/RHSA-2018:3593
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3593
2
reference_url https://access.redhat.com/errata/RHSA-2018:3595
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3595
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44697
published_at 2026-06-08T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44673
published_at 2026-06-04T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44743
published_at 2026-06-05T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.4475
published_at 2026-06-06T12:55:00Z
4
value 0.0022
scoring_system epss
scoring_elements 0.44729
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
reference_id 1625396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
reference_id CVE-2018-14655
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
9
reference_url https://github.com/advisories/GHSA-458h-wv48-fq75
reference_id GHSA-458h-wv48-fq75
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-458h-wv48-fq75
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3
purl pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-bj1j-1evb-wkgr
9
vulnerability VCID-gr2e-ntp4-9fdg
10
vulnerability VCID-hr92-2apu-abg5
11
vulnerability VCID-kfxs-f5j7-mfhu
12
vulnerability VCID-ku7s-gnhp-a3du
13
vulnerability VCID-qjhb-ubp5-ukdy
14
vulnerability VCID-rb4v-3kux-4fas
15
vulnerability VCID-t8wj-9vkr-hbc6
16
vulnerability VCID-wq2e-1xds-3qah
17
vulnerability VCID-xbkp-kjgd-fqcx
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y36z-qpqd-37cs
20
vulnerability VCID-y9de-4w6u-abfa
21
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3
1
url pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hr92-2apu-abg5
10
vulnerability VCID-kfxs-f5j7-mfhu
11
vulnerability VCID-ku7s-gnhp-a3du
12
vulnerability VCID-qjhb-ubp5-ukdy
13
vulnerability VCID-rb4v-3kux-4fas
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-wq2e-1xds-3qah
16
vulnerability VCID-xbkp-kjgd-fqcx
17
vulnerability VCID-xghp-f8g9-akhn
18
vulnerability VCID-y36z-qpqd-37cs
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
aliases CVE-2018-14655, GHSA-458h-wv48-fq75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu
3
url VCID-48jh-8c96-3bc9
vulnerability_id VCID-48jh-8c96-3bc9
summary keycloak: path traversal via double URL encoding
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/
url https://access.redhat.com/security/cve/CVE-2022-3782
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37877
published_at 2026-06-08T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.37849
published_at 2026-06-04T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.3794
published_at 2026-06-05T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.37942
published_at 2026-06-06T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.37911
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3782
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3782
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
reference_id 2138971
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2138971
8
reference_url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
reference_id GHSA-g8q8-fggx-9r3q
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8q8-fggx-9r3q
9
reference_url https://access.redhat.com/errata/RHSA-2023:1285
reference_id RHSA-2023:1285
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1285
10
reference_url https://access.redhat.com/errata/RHSA-2023:1661
reference_id RHSA-2023:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1661
11
reference_url https://access.redhat.com/errata/RHSA-2023:2041
reference_id RHSA-2023:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2041
12
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id RHSA-2023:2135
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2135
13
reference_url https://access.redhat.com/errata/RHSA-2023:3185
reference_id RHSA-2023:3185
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3185
14
reference_url https://access.redhat.com/errata/RHSA-2023:3815
reference_id RHSA-2023:3815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3815
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.1
purl pkg:maven/org.keycloak/keycloak-parent@20.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-azxv-y5rj-vkg9
2
vulnerability VCID-ku7s-gnhp-a3du
3
vulnerability VCID-rt61-271c-nkgk
4
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1
1
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
3
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3782, GHSA-g8q8-fggx-9r3q, GMS-2022-8407
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48jh-8c96-3bc9
4
url VCID-7662-z35s-9qeq
vulnerability_id VCID-7662-z35s-9qeq
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3513
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42085
published_at 2026-06-08T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42063
published_at 2026-06-04T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42137
published_at 2026-06-05T12:55:00Z
3
value 0.00201
scoring_system epss
scoring_elements 0.42148
published_at 2026-06-06T12:55:00Z
4
value 0.00201
scoring_system epss
scoring_elements 0.4212
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3513
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/pull/7976
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/7976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3513
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
reference_id 1953439
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1953439
7
reference_url https://security.archlinux.org/ASA-202105-6
reference_id ASA-202105-6
reference_type
scores
url https://security.archlinux.org/ASA-202105-6
8
reference_url https://security.archlinux.org/AVG-1926
reference_id AVG-1926
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1926
9
reference_url https://github.com/advisories/GHSA-xv7h-95r7-595j
reference_id GHSA-xv7h-95r7-595j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv7h-95r7-595j
10
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
11
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
12
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
13
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-t8wj-9vkr-hbc6
11
vulnerability VCID-xbkp-kjgd-fqcx
12
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2021-3513, GHSA-xv7h-95r7-595j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq
5
url VCID-7ddy-c7pe-97cd
vulnerability_id VCID-7ddy-c7pe-97cd
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12158
reference_id
reference_type
scores
0
value 0.00668
scoring_system epss
scoring_elements 0.71683
published_at 2026-06-08T12:55:00Z
1
value 0.00668
scoring_system epss
scoring_elements 0.71674
published_at 2026-06-04T12:55:00Z
2
value 0.00668
scoring_system epss
scoring_elements 0.71715
published_at 2026-06-05T12:55:00Z
3
value 0.00668
scoring_system epss
scoring_elements 0.71721
published_at 2026-06-06T12:55:00Z
4
value 0.00668
scoring_system epss
scoring_elements 0.71697
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12158
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1489161
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1489161
6
reference_url https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12158
reference_id CVE-2017-12158
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12158
8
reference_url https://github.com/advisories/GHSA-v38p-mqq3-m6v5
reference_id GHSA-v38p-mqq3-m6v5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v38p-mqq3-m6v5
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-97sj-h6z5-gqcj
7
vulnerability VCID-9kte-cfz7-hqa3
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-bj1j-1evb-wkgr
10
vulnerability VCID-gr2e-ntp4-9fdg
11
vulnerability VCID-hr92-2apu-abg5
12
vulnerability VCID-kfxs-f5j7-mfhu
13
vulnerability VCID-ku7s-gnhp-a3du
14
vulnerability VCID-qjhb-ubp5-ukdy
15
vulnerability VCID-rb4v-3kux-4fas
16
vulnerability VCID-t8wj-9vkr-hbc6
17
vulnerability VCID-wq2e-1xds-3qah
18
vulnerability VCID-xbkp-kjgd-fqcx
19
vulnerability VCID-xghp-f8g9-akhn
20
vulnerability VCID-y36z-qpqd-37cs
21
vulnerability VCID-y9de-4w6u-abfa
22
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
1
url pkg:maven/org.keycloak/keycloak-parent@3.4.0
purl pkg:maven/org.keycloak/keycloak-parent@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0
aliases CVE-2017-12158, GHSA-v38p-mqq3-m6v5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ddy-c7pe-97cd
6
url VCID-8sqn-nkzx-euec
vulnerability_id VCID-8sqn-nkzx-euec
summary keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json
1
reference_url https://access.redhat.com/security/cve/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2022-2668
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.65087
published_at 2026-06-08T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.65057
published_at 2026-06-04T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.65099
published_at 2026-06-07T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.6511
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2668
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2668
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
reference_id 2115392
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2115392
8
reference_url https://github.com/advisories/GHSA-wf7g-7h6h-678v
reference_id GHSA-wf7g-7h6h-678v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf7g-7h6h-678v
9
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
10
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
11
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
12
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
13
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
14
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
15
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-azxv-y5rj-vkg9
3
vulnerability VCID-ku7s-gnhp-a3du
4
vulnerability VCID-rt61-271c-nkgk
5
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2668, GHSA-wf7g-7h6h-678v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqn-nkzx-euec
7
url VCID-97sj-h6z5-gqcj
vulnerability_id VCID-97sj-h6z5-gqcj
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.39798
published_at 2026-06-08T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.39851
published_at 2026-06-06T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.39825
published_at 2026-06-07T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.39762
published_at 2026-06-04T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.39848
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1717
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1796281
3
reference_url https://issues.jboss.org/browse/KEYCLOAK-12014
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-12014
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
reference_id CVE-2020-1717
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1717
6
reference_url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
reference_id GHSA-rvfc-g8j5-9ccf
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvfc-g8j5-9ccf
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@8.0.0
purl pkg:maven/org.keycloak/keycloak-parent@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-7662-z35s-9qeq
3
vulnerability VCID-8sqn-nkzx-euec
4
vulnerability VCID-9kte-cfz7-hqa3
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-gr2e-ntp4-9fdg
7
vulnerability VCID-hr92-2apu-abg5
8
vulnerability VCID-kfxs-f5j7-mfhu
9
vulnerability VCID-ku7s-gnhp-a3du
10
vulnerability VCID-qjhb-ubp5-ukdy
11
vulnerability VCID-rb4v-3kux-4fas
12
vulnerability VCID-rt61-271c-nkgk
13
vulnerability VCID-t8wj-9vkr-hbc6
14
vulnerability VCID-wq2e-1xds-3qah
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y36z-qpqd-37cs
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0
aliases CVE-2020-1717, GHSA-rvfc-g8j5-9ccf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97sj-h6z5-gqcj
8
url VCID-9kte-cfz7-hqa3
vulnerability_id VCID-9kte-cfz7-hqa3
summary 
Improper Certificate Validation
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1758
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48969
published_at 2026-06-08T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48946
published_at 2026-06-04T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.49007
published_at 2026-06-05T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.49016
published_at 2026-06-06T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.49
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1758
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-13285
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-13285
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1812514
reference_id 1812514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1812514
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1758
reference_id CVE-2020-1758
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1758
6
reference_url https://github.com/advisories/GHSA-c597-f74m-jgc2
reference_id GHSA-c597-f74m-jgc2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c597-f74m-jgc2
7
reference_url https://access.redhat.com/errata/RHSA-2020:2106
reference_id RHSA-2020:2106
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2106
8
reference_url https://access.redhat.com/errata/RHSA-2020:2107
reference_id RHSA-2020:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2107
9
reference_url https://access.redhat.com/errata/RHSA-2020:2108
reference_id RHSA-2020:2108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2108
10
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@10.0.0
purl pkg:maven/org.keycloak/keycloak-parent@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2ju8-s2gd-b3ee
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-gr2e-ntp4-9fdg
8
vulnerability VCID-hr92-2apu-abg5
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-wq2e-1xds-3qah
16
vulnerability VCID-xbkp-kjgd-fqcx
17
vulnerability VCID-y36z-qpqd-37cs
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0
aliases CVE-2020-1758, GHSA-c597-f74m-jgc2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3
9
url VCID-azxv-y5rj-vkg9
vulnerability_id VCID-azxv-y5rj-vkg9
summary 
Insufficient Session Expiration
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2022:8961
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8961
1
reference_url https://access.redhat.com/errata/RHSA-2022:8962
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8962
2
reference_url https://access.redhat.com/errata/RHSA-2022:8963
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8963
3
reference_url https://access.redhat.com/errata/RHSA-2022:8964
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8964
4
reference_url https://access.redhat.com/errata/RHSA-2022:8965
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2022:8965
5
reference_url https://access.redhat.com/errata/RHSA-2023:1043
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1043
6
reference_url https://access.redhat.com/errata/RHSA-2023:1044
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1044
7
reference_url https://access.redhat.com/errata/RHSA-2023:1045
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1045
8
reference_url https://access.redhat.com/errata/RHSA-2023:1047
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1047
9
reference_url https://access.redhat.com/errata/RHSA-2023:1049
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/errata/RHSA-2023:1049
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45539
published_at 2026-06-05T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45498
published_at 2026-06-08T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45523
published_at 2026-06-07T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45543
published_at 2026-06-06T12:55:00Z
4
value 0.00226
scoring_system epss
scoring_elements 0.4547
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3916
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2141404
13
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
20
reference_url https://access.redhat.com/security/cve/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/
url https://access.redhat.com/security/cve/CVE-2022-3916
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
reference_id CVE-2022-3916
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3916
22
reference_url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97g8-xfvw-q4hg
23
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
reference_id GHSA-97g8-xfvw-q4hg
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@20.0.2
purl pkg:maven/org.keycloak/keycloak-parent@20.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
3
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2
aliases CVE-2022-3916, GHSA-97g8-xfvw-q4hg, GMS-2022-8406
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9
10
url VCID-bj1j-1evb-wkgr
vulnerability_id VCID-bj1j-1evb-wkgr
summary 
Improper Authentication
When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:3592
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3592
1
reference_url https://access.redhat.com/errata/RHSA-2018:3593
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3593
2
reference_url https://access.redhat.com/errata/RHSA-2018:3595
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3595
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14657
reference_id
reference_type
scores
0
value 0.00346
scoring_system epss
scoring_elements 0.57467
published_at 2026-06-08T12:55:00Z
1
value 0.00346
scoring_system epss
scoring_elements 0.57428
published_at 2026-06-04T12:55:00Z
2
value 0.00346
scoring_system epss
scoring_elements 0.57481
published_at 2026-06-05T12:55:00Z
3
value 0.00346
scoring_system epss
scoring_elements 0.5749
published_at 2026-06-06T12:55:00Z
4
value 0.00346
scoring_system epss
scoring_elements 0.5748
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14657
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625404
reference_id 1625404
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625404
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14657
reference_id CVE-2018-14657
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14657
9
reference_url https://github.com/advisories/GHSA-85v8-vx4w-q684
reference_id GHSA-85v8-vx4w-q684
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-85v8-vx4w-q684
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hr92-2apu-abg5
10
vulnerability VCID-kfxs-f5j7-mfhu
11
vulnerability VCID-ku7s-gnhp-a3du
12
vulnerability VCID-qjhb-ubp5-ukdy
13
vulnerability VCID-rb4v-3kux-4fas
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-wq2e-1xds-3qah
16
vulnerability VCID-xbkp-kjgd-fqcx
17
vulnerability VCID-xghp-f8g9-akhn
18
vulnerability VCID-y36z-qpqd-37cs
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final
1
url pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-7662-z35s-9qeq
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-97sj-h6z5-gqcj
6
vulnerability VCID-9kte-cfz7-hqa3
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-hr92-2apu-abg5
10
vulnerability VCID-kfxs-f5j7-mfhu
11
vulnerability VCID-ku7s-gnhp-a3du
12
vulnerability VCID-qjhb-ubp5-ukdy
13
vulnerability VCID-rb4v-3kux-4fas
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-wq2e-1xds-3qah
16
vulnerability VCID-xbkp-kjgd-fqcx
17
vulnerability VCID-xghp-f8g9-akhn
18
vulnerability VCID-y36z-qpqd-37cs
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final
aliases CVE-2018-14657, GHSA-85v8-vx4w-q684
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj1j-1evb-wkgr
11
url VCID-gr2e-ntp4-9fdg
vulnerability_id VCID-gr2e-ntp4-9fdg
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.29711
published_at 2026-06-08T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29778
published_at 2026-06-06T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.29745
published_at 2026-06-07T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.29746
published_at 2026-06-04T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.29814
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1765129
3
reference_url https://issues.redhat.com/browse/KEYCLOAK-16550
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-16550
4
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
reference_id CVE-2020-1725
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1725
6
reference_url https://github.com/advisories/GHSA-p225-pc2x-4jpm
reference_id GHSA-p225-pc2x-4jpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p225-pc2x-4jpm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-t8wj-9vkr-hbc6
11
vulnerability VCID-xbkp-kjgd-fqcx
12
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2020-1725, GHSA-p225-pc2x-4jpm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg
12
url VCID-hr92-2apu-abg5
vulnerability_id VCID-hr92-2apu-abg5
summary 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60005
published_at 2026-06-08T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.59983
published_at 2026-06-04T12:55:00Z
2
value 0.00384
scoring_system epss
scoring_elements 0.60031
published_at 2026-06-05T12:55:00Z
3
value 0.00384
scoring_system epss
scoring_elements 0.60034
published_at 2026-06-06T12:55:00Z
4
value 0.00384
scoring_system epss
scoring_elements 0.60022
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14366
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
reference_id 1869764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1869764
4
reference_url https://security.archlinux.org/AVG-1471
reference_id AVG-1471
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1471
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
reference_id CVE-2020-14366
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14366
6
reference_url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
reference_id GHSA-cp67-8w3w-6h9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp67-8w3w-6h9c
7
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@12.0.0
purl pkg:maven/org.keycloak/keycloak-parent@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-6gee-p7fr-1yhy
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-8sqn-nkzx-euec
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0
aliases CVE-2020-14366, GHSA-cp67-8w3w-6h9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5
13
url VCID-kfxs-f5j7-mfhu
vulnerability_id VCID-kfxs-f5j7-mfhu
summary keycloak: improper input validation permits script injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75738
published_at 2026-06-04T12:55:00Z
1
value 0.00882
scoring_system epss
scoring_elements 0.75741
published_at 2026-06-08T12:55:00Z
2
value 0.00882
scoring_system epss
scoring_elements 0.75753
published_at 2026-06-07T12:55:00Z
3
value 0.00882
scoring_system epss
scoring_elements 0.75763
published_at 2026-06-06T12:55:00Z
4
value 0.00882
scoring_system epss
scoring_elements 0.75766
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2256
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2256
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
reference_id 2101942
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2101942
7
reference_url https://github.com/advisories/GHSA-w9mf-83w3-fv49
reference_id GHSA-w9mf-83w3-fv49
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w9mf-83w3-fv49
8
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
9
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
10
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@19.0.2
purl pkg:maven/org.keycloak/keycloak-parent@19.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-azxv-y5rj-vkg9
3
vulnerability VCID-ku7s-gnhp-a3du
4
vulnerability VCID-rt61-271c-nkgk
5
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2
aliases CVE-2022-2256, GHSA-w9mf-83w3-fv49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfxs-f5j7-mfhu
14
url VCID-ku7s-gnhp-a3du
vulnerability_id VCID-ku7s-gnhp-a3du
summary 
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06226
published_at 2026-06-07T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06527
published_at 2026-06-06T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06672
published_at 2026-06-08T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09225
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0707
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2427768
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/issues/49433
reference_id 49433
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://github.com/keycloak/keycloak/issues/49433
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-0707
reference_id CVE-2026-0707
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/
url https://access.redhat.com/security/cve/CVE-2026-0707
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
reference_id CVE-2026-0707
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0707
10
reference_url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
reference_id GHSA-gv94-wp4h-vv8p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv94-wp4h-vv8p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@26.5.1
purl pkg:maven/org.keycloak/keycloak-parent@26.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1
aliases CVE-2026-0707, GHSA-gv94-wp4h-vv8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du
15
url VCID-qjhb-ubp5-ukdy
vulnerability_id VCID-qjhb-ubp5-ukdy
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3632
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66468
published_at 2026-06-08T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.6645
published_at 2026-06-04T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.6649
published_at 2026-06-05T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66498
published_at 2026-06-06T12:55:00Z
4
value 0.00503
scoring_system epss
scoring_elements 0.66482
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3632
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
5
reference_url https://github.com/keycloak/keycloak/pull/8203
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/8203
6
reference_url https://issues.redhat.com/browse/KEYCLOAK-18500
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/KEYCLOAK-18500
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3632
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
reference_id 1978196
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1978196
9
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
10
reference_url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
reference_id GHSA-qpq9-jpv4-6gwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpq9-jpv4-6gwr
11
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
12
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
13
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@15.1.0
purl pkg:maven/org.keycloak/keycloak-parent@15.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-rt61-271c-nkgk
9
vulnerability VCID-xbkp-kjgd-fqcx
10
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0
aliases CVE-2021-3632, GHSA-qpq9-jpv4-6gwr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy
16
url VCID-rb4v-3kux-4fas
vulnerability_id VCID-rb4v-3kux-4fas
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49484
published_at 2026-06-08T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49513
published_at 2026-06-07T12:55:00Z
2
value 0.00259
scoring_system epss
scoring_elements 0.49529
published_at 2026-06-06T12:55:00Z
3
value 0.00259
scoring_system epss
scoring_elements 0.49519
published_at 2026-06-05T12:55:00Z
4
value 0.00259
scoring_system epss
scoring_elements 0.49456
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14359
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1868591
3
reference_url https://github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak-gatekeeper
4
reference_url https://github.com/keycloak/keycloak/issues/12934
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/12934
5
reference_url https://issues.jboss.org/browse/KEYCLOAK-14090
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/KEYCLOAK-14090
6
reference_url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
reference_id CVE-2020-14359
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-14359
9
reference_url https://github.com/advisories/GHSA-jh6m-3pqw-242h
reference_id GHSA-jh6m-3pqw-242h
reference_type
scores
url https://github.com/advisories/GHSA-jh6m-3pqw-242h
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@13.0.0
purl pkg:maven/org.keycloak/keycloak-parent@13.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-t8wj-9vkr-hbc6
11
vulnerability VCID-xbkp-kjgd-fqcx
12
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0
aliases CVE-2020-14359, GHSA-jh6m-3pqw-242h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rb4v-3kux-4fas
17
url VCID-rwt9-kx6n-dfae
vulnerability_id VCID-rwt9-kx6n-dfae
summary 
Insufficient Session Expiration
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12159
reference_id
reference_type
scores
0
value 0.00588
scoring_system epss
scoring_elements 0.69531
published_at 2026-06-08T12:55:00Z
1
value 0.00588
scoring_system epss
scoring_elements 0.69506
published_at 2026-06-04T12:55:00Z
2
value 0.00588
scoring_system epss
scoring_elements 0.69545
published_at 2026-06-05T12:55:00Z
3
value 0.00588
scoring_system epss
scoring_elements 0.69553
published_at 2026-06-06T12:55:00Z
4
value 0.00588
scoring_system epss
scoring_elements 0.69543
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12159
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1484111
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1484111
6
reference_url https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239
7
reference_url https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12159
reference_id CVE-2017-12159
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12159
9
reference_url https://github.com/advisories/GHSA-7fmw-85qm-h22p
reference_id GHSA-7fmw-85qm-h22p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7fmw-85qm-h22p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-97sj-h6z5-gqcj
7
vulnerability VCID-9kte-cfz7-hqa3
8
vulnerability VCID-azxv-y5rj-vkg9
9
vulnerability VCID-bj1j-1evb-wkgr
10
vulnerability VCID-gr2e-ntp4-9fdg
11
vulnerability VCID-hr92-2apu-abg5
12
vulnerability VCID-kfxs-f5j7-mfhu
13
vulnerability VCID-ku7s-gnhp-a3du
14
vulnerability VCID-qjhb-ubp5-ukdy
15
vulnerability VCID-rb4v-3kux-4fas
16
vulnerability VCID-t8wj-9vkr-hbc6
17
vulnerability VCID-wq2e-1xds-3qah
18
vulnerability VCID-xbkp-kjgd-fqcx
19
vulnerability VCID-xghp-f8g9-akhn
20
vulnerability VCID-y36z-qpqd-37cs
21
vulnerability VCID-y9de-4w6u-abfa
22
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final
1
url pkg:maven/org.keycloak/keycloak-parent@3.4.0
purl pkg:maven/org.keycloak/keycloak-parent@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0
aliases CVE-2017-12159, GHSA-7fmw-85qm-h22p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwt9-kx6n-dfae
18
url VCID-t8wj-9vkr-hbc6
vulnerability_id VCID-t8wj-9vkr-hbc6
summary 
Allocation of Resources Without Limits or Throttling
A flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64856
published_at 2026-06-08T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.64826
published_at 2026-06-04T12:55:00Z
2
value 0.00468
scoring_system epss
scoring_elements 0.64868
published_at 2026-06-05T12:55:00Z
3
value 0.00468
scoring_system epss
scoring_elements 0.64878
published_at 2026-06-06T12:55:00Z
4
value 0.00468
scoring_system epss
scoring_elements 0.64867
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3637
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1979638
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
reference_id CVE-2021-3637
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3637
4
reference_url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
reference_id GHSA-2vp8-jv5v-6qh6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vp8-jv5v-6qh6
5
reference_url https://access.redhat.com/errata/RHSA-2021:3527
reference_id RHSA-2021:3527
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3527
6
reference_url https://access.redhat.com/errata/RHSA-2021:3528
reference_id RHSA-2021:3528
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3528
7
reference_url https://access.redhat.com/errata/RHSA-2021:3529
reference_id RHSA-2021:3529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3529
8
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@14.0.0
purl pkg:maven/org.keycloak/keycloak-parent@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-8sqn-nkzx-euec
5
vulnerability VCID-azxv-y5rj-vkg9
6
vulnerability VCID-kfxs-f5j7-mfhu
7
vulnerability VCID-ku7s-gnhp-a3du
8
vulnerability VCID-qjhb-ubp5-ukdy
9
vulnerability VCID-rt61-271c-nkgk
10
vulnerability VCID-xbkp-kjgd-fqcx
11
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0
aliases CVE-2021-3637, GHSA-2vp8-jv5v-6qh6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-9vkr-hbc6
19
url VCID-u18w-zxb4-5khp
vulnerability_id VCID-u18w-zxb4-5khp
summary 
Improper Authentication
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:2904
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2904
1
reference_url https://access.redhat.com/errata/RHSA-2017:2905
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2905
2
reference_url https://access.redhat.com/errata/RHSA-2017:2906
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:2906
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12160
reference_id
reference_type
scores
0
value 0.00571
scoring_system epss
scoring_elements 0.69026
published_at 2026-06-08T12:55:00Z
1
value 0.00571
scoring_system epss
scoring_elements 0.69
published_at 2026-06-04T12:55:00Z
2
value 0.00571
scoring_system epss
scoring_elements 0.69039
published_at 2026-06-05T12:55:00Z
3
value 0.00571
scoring_system epss
scoring_elements 0.69049
published_at 2026-06-06T12:55:00Z
4
value 0.00571
scoring_system epss
scoring_elements 0.69042
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12160
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1484154
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1484154
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12160
reference_id CVE-2017-12160
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12160
8
reference_url https://github.com/advisories/GHSA-qc72-gfvw-76h7
reference_id GHSA-qc72-gfvw-76h7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qc72-gfvw-76h7
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-7ddy-c7pe-97cd
6
vulnerability VCID-8sqn-nkzx-euec
7
vulnerability VCID-97sj-h6z5-gqcj
8
vulnerability VCID-9kte-cfz7-hqa3
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-bj1j-1evb-wkgr
11
vulnerability VCID-gr2e-ntp4-9fdg
12
vulnerability VCID-hr92-2apu-abg5
13
vulnerability VCID-kfxs-f5j7-mfhu
14
vulnerability VCID-ku7s-gnhp-a3du
15
vulnerability VCID-qjhb-ubp5-ukdy
16
vulnerability VCID-rb4v-3kux-4fas
17
vulnerability VCID-rwt9-kx6n-dfae
18
vulnerability VCID-t8wj-9vkr-hbc6
19
vulnerability VCID-u18w-zxb4-5khp
20
vulnerability VCID-wq2e-1xds-3qah
21
vulnerability VCID-xbkp-kjgd-fqcx
22
vulnerability VCID-xghp-f8g9-akhn
23
vulnerability VCID-y36z-qpqd-37cs
24
vulnerability VCID-y9de-4w6u-abfa
25
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final
1
url pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1
purl pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-7ddy-c7pe-97cd
6
vulnerability VCID-8sqn-nkzx-euec
7
vulnerability VCID-97sj-h6z5-gqcj
8
vulnerability VCID-9kte-cfz7-hqa3
9
vulnerability VCID-azxv-y5rj-vkg9
10
vulnerability VCID-bj1j-1evb-wkgr
11
vulnerability VCID-gr2e-ntp4-9fdg
12
vulnerability VCID-hr92-2apu-abg5
13
vulnerability VCID-kfxs-f5j7-mfhu
14
vulnerability VCID-ku7s-gnhp-a3du
15
vulnerability VCID-qjhb-ubp5-ukdy
16
vulnerability VCID-rb4v-3kux-4fas
17
vulnerability VCID-rwt9-kx6n-dfae
18
vulnerability VCID-t8wj-9vkr-hbc6
19
vulnerability VCID-wq2e-1xds-3qah
20
vulnerability VCID-xbkp-kjgd-fqcx
21
vulnerability VCID-xghp-f8g9-akhn
22
vulnerability VCID-y36z-qpqd-37cs
23
vulnerability VCID-y9de-4w6u-abfa
24
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1
aliases CVE-2017-12160, GHSA-qc72-gfvw-76h7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u18w-zxb4-5khp
20
url VCID-wq2e-1xds-3qah
vulnerability_id VCID-wq2e-1xds-3qah
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10748
reference_id
reference_type
scores
0
value 0.00354
scoring_system epss
scoring_elements 0.58037
published_at 2026-06-08T12:55:00Z
1
value 0.00354
scoring_system epss
scoring_elements 0.58003
published_at 2026-06-04T12:55:00Z
2
value 0.00354
scoring_system epss
scoring_elements 0.58053
published_at 2026-06-05T12:55:00Z
3
value 0.00354
scoring_system epss
scoring_elements 0.58062
published_at 2026-06-06T12:55:00Z
4
value 0.00354
scoring_system epss
scoring_elements 0.58051
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10748
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1836786
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1836786
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10748
reference_id CVE-2020-10748
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10748
4
reference_url https://github.com/advisories/GHSA-hgpg-593r-hhvp
reference_id GHSA-hgpg-593r-hhvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgpg-593r-hhvp
5
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@10.0.2
purl pkg:maven/org.keycloak/keycloak-parent@10.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2ju8-s2gd-b3ee
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-gr2e-ntp4-9fdg
8
vulnerability VCID-hr92-2apu-abg5
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-y36z-qpqd-37cs
17
vulnerability VCID-y9de-4w6u-abfa
18
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2
aliases CVE-2020-10748, GHSA-hgpg-593r-hhvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wq2e-1xds-3qah
21
url VCID-xbkp-kjgd-fqcx
vulnerability_id VCID-xbkp-kjgd-fqcx
summary 
URL Redirection to Untrusted Site ('Open Redirect')
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:7854
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7854
1
reference_url https://access.redhat.com/errata/RHSA-2023:7855
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7855
2
reference_url https://access.redhat.com/errata/RHSA-2023:7856
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7856
3
reference_url https://access.redhat.com/errata/RHSA-2023:7857
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7857
4
reference_url https://access.redhat.com/errata/RHSA-2023:7858
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7858
5
reference_url https://access.redhat.com/errata/RHSA-2023:7860
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7860
6
reference_url https://access.redhat.com/errata/RHSA-2023:7861
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/errata/RHSA-2023:7861
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39437
published_at 2026-06-08T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39491
published_at 2026-06-05T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39496
published_at 2026-06-06T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39467
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6291
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2251407
10
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
11
reference_url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
reference_id cpe:/a:redhat:build_keycloak:22
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
reference_id cpe:/a:redhat:build_keycloak:22::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_id cpe:/a:redhat:jboss_enterprise_brms_platform:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
reference_id cpe:/a:redhat:migration_toolkit_applications:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
reference_id cpe:/a:redhat:migration_toolkit_applications:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id cpe:/a:redhat:serverless:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
29
reference_url https://access.redhat.com/security/cve/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/
url https://access.redhat.com/security/cve/CVE-2023-6291
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
reference_id CVE-2023-6291
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6291
31
reference_url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpwq-j3xf-7m5w
32
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
reference_id GHSA-mpwq-j3xf-7m5w
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@23.0.0
purl pkg:maven/org.keycloak/keycloak-parent@23.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-ku7s-gnhp-a3du
2
vulnerability VCID-rt61-271c-nkgk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0
aliases CVE-2023-6291, GHSA-mpwq-j3xf-7m5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx
22
url VCID-xghp-f8g9-akhn
vulnerability_id VCID-xghp-f8g9-akhn
summary 
Incorrect Permission Assignment for Critical Resource
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51196
published_at 2026-06-08T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51179
published_at 2026-06-04T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.51241
published_at 2026-06-05T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.51246
published_at 2026-06-06T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.51226
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1694
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1790759
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
reference_id CVE-2020-1694
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1694
4
reference_url https://github.com/advisories/GHSA-72j4-94rx-cr6w
reference_id GHSA-72j4-94rx-cr6w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72j4-94rx-cr6w
5
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@10.0.0
purl pkg:maven/org.keycloak/keycloak-parent@10.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2ju8-s2gd-b3ee
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-gr2e-ntp4-9fdg
8
vulnerability VCID-hr92-2apu-abg5
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-wq2e-1xds-3qah
16
vulnerability VCID-xbkp-kjgd-fqcx
17
vulnerability VCID-y36z-qpqd-37cs
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0
aliases CVE-2020-1694, GHSA-72j4-94rx-cr6w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn
23
url VCID-y36z-qpqd-37cs
vulnerability_id VCID-y36z-qpqd-37cs
summary 
Allocation of Resources Without Limits or Throttling
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10758
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67573
published_at 2026-06-08T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.67552
published_at 2026-06-04T12:55:00Z
2
value 0.00529
scoring_system epss
scoring_elements 0.67593
published_at 2026-06-05T12:55:00Z
3
value 0.00529
scoring_system epss
scoring_elements 0.676
published_at 2026-06-06T12:55:00Z
4
value 0.00529
scoring_system epss
scoring_elements 0.6759
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10758
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843849
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1843849
3
reference_url https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10758
reference_id CVE-2020-10758
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10758
5
reference_url https://github.com/advisories/GHSA-52rg-hpwq-qp56
reference_id GHSA-52rg-hpwq-qp56
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-52rg-hpwq-qp56
6
reference_url https://access.redhat.com/errata/RHSA-2020:3495
reference_id RHSA-2020:3495
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3495
7
reference_url https://access.redhat.com/errata/RHSA-2020:3496
reference_id RHSA-2020:3496
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3496
8
reference_url https://access.redhat.com/errata/RHSA-2020:3497
reference_id RHSA-2020:3497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3497
9
reference_url https://access.redhat.com/errata/RHSA-2020:3501
reference_id RHSA-2020:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3501
10
reference_url https://access.redhat.com/errata/RHSA-2020:3539
reference_id RHSA-2020:3539
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3539
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@11.0.1
purl pkg:maven/org.keycloak/keycloak-parent@11.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-2ju8-s2gd-b3ee
2
vulnerability VCID-48jh-8c96-3bc9
3
vulnerability VCID-6gee-p7fr-1yhy
4
vulnerability VCID-7662-z35s-9qeq
5
vulnerability VCID-8sqn-nkzx-euec
6
vulnerability VCID-azxv-y5rj-vkg9
7
vulnerability VCID-gr2e-ntp4-9fdg
8
vulnerability VCID-hr92-2apu-abg5
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-y9de-4w6u-abfa
17
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1
aliases CVE-2020-10758, GHSA-52rg-hpwq-qp56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y36z-qpqd-37cs
24
url VCID-y9de-4w6u-abfa
vulnerability_id VCID-y9de-4w6u-abfa
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50755
published_at 2026-06-08T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.50741
published_at 2026-06-04T12:55:00Z
2
value 0.00271
scoring_system epss
scoring_elements 0.50801
published_at 2026-06-05T12:55:00Z
3
value 0.00271
scoring_system epss
scoring_elements 0.50807
published_at 2026-06-06T12:55:00Z
4
value 0.00271
scoring_system epss
scoring_elements 0.50785
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10776
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1847428
3
reference_url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
reference_id CVE-2020-10776
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10776
5
reference_url https://github.com/advisories/GHSA-484q-784p-8m5h
reference_id GHSA-484q-784p-8m5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-484q-784p-8m5h
6
reference_url https://access.redhat.com/errata/RHSA-2020:4929
reference_id RHSA-2020:4929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4929
7
reference_url https://access.redhat.com/errata/RHSA-2020:4930
reference_id RHSA-2020:4930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4930
8
reference_url https://access.redhat.com/errata/RHSA-2020:4931
reference_id RHSA-2020:4931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4931
9
reference_url https://access.redhat.com/errata/RHSA-2020:4932
reference_id RHSA-2020:4932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4932
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@12.0.0
purl pkg:maven/org.keycloak/keycloak-parent@12.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1a4q-f36b-43aq
1
vulnerability VCID-1bps-7j9p-a3b6
2
vulnerability VCID-2ju8-s2gd-b3ee
3
vulnerability VCID-48jh-8c96-3bc9
4
vulnerability VCID-6gee-p7fr-1yhy
5
vulnerability VCID-7662-z35s-9qeq
6
vulnerability VCID-8sqn-nkzx-euec
7
vulnerability VCID-azxv-y5rj-vkg9
8
vulnerability VCID-gr2e-ntp4-9fdg
9
vulnerability VCID-kfxs-f5j7-mfhu
10
vulnerability VCID-ku7s-gnhp-a3du
11
vulnerability VCID-qjhb-ubp5-ukdy
12
vulnerability VCID-rb4v-3kux-4fas
13
vulnerability VCID-rt61-271c-nkgk
14
vulnerability VCID-t8wj-9vkr-hbc6
15
vulnerability VCID-xbkp-kjgd-fqcx
16
vulnerability VCID-yn28-fcm1-zfcs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0
aliases CVE-2020-10776, GHSA-484q-784p-8m5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa
25
url VCID-yn28-fcm1-zfcs
vulnerability_id VCID-yn28-fcm1-zfcs
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3827
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43241
published_at 2026-06-08T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43218
published_at 2026-06-04T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43291
published_at 2026-06-05T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.433
published_at 2026-06-06T12:55:00Z
4
value 0.00208
scoring_system epss
scoring_elements 0.43276
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3827
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3827
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
reference_id 2007512
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2007512
7
reference_url https://security.archlinux.org/AVG-1332
reference_id AVG-1332
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1332
8
reference_url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pc7-vqv5-5r3v
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
reference_id GHSA-4pc7-vqv5-5r3v
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
10
reference_url https://access.redhat.com/errata/RHSA-2022:0151
reference_id RHSA-2022:0151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0151
11
reference_url https://access.redhat.com/errata/RHSA-2022:0152
reference_id RHSA-2022:0152
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0152
12
reference_url https://access.redhat.com/errata/RHSA-2022:0155
reference_id RHSA-2022:0155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0155
13
reference_url https://access.redhat.com/errata/RHSA-2022:0164
reference_id RHSA-2022:0164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0164
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-parent@18.0.0
purl pkg:maven/org.keycloak/keycloak-parent@18.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bps-7j9p-a3b6
1
vulnerability VCID-48jh-8c96-3bc9
2
vulnerability VCID-8sqn-nkzx-euec
3
vulnerability VCID-azxv-y5rj-vkg9
4
vulnerability VCID-kfxs-f5j7-mfhu
5
vulnerability VCID-ku7s-gnhp-a3du
6
vulnerability VCID-rt61-271c-nkgk
7
vulnerability VCID-xbkp-kjgd-fqcx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0
aliases CVE-2021-3827, GHSA-4pc7-vqv5-5r3v, GMS-2022-1098
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn28-fcm1-zfcs
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@1.2.0.CR1