{"url":"http://public2.vulnerablecode.io/api/packages/62048?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final","type":"maven","namespace":"org.keycloak","name":"keycloak-parent","version":"3.3.0.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49913?format=json","vulnerability_id":"VCID-1bps-7j9p-a3b6","summary":"Keycloak Server-Side Request Forgery (SSRF) vulnerability\nA flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02184","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02178","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433727"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1518","reference_id":"CVE-2026-1518","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1518"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518","reference_id":"CVE-2026-1518","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1518"},{"reference_url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37","reference_id":"GHSA-fwhw-chw4-gh37","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fwhw-chw4-gh37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581487?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rt61-271c-nkgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3"}],"aliases":["CVE-2026-1518","GHSA-fwhw-chw4-gh37"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42329?format=json","vulnerability_id":"VCID-2qmw-afpp-7qa8","summary":"Improper Authentication\nA flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1718.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58974","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.5897","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1718"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756","reference_id":"1796756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796756"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718","reference_id":"CVE-2020-1718","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1718"},{"reference_url":"https://github.com/advisories/GHSA-j229-2h63-rvh9","reference_id":"GHSA-j229-2h63-rvh9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j229-2h63-rvh9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2252","reference_id":"RHSA-2020:2252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3196","reference_id":"RHSA-2020:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3197","reference_id":"RHSA-2020:3197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60518?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0"}],"aliases":["CVE-2020-1718","GHSA-j229-2h63-rvh9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qmw-afpp-7qa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40438?format=json","vulnerability_id":"VCID-39am-wkz3-8ubu","summary":"Cross-site Scripting\nWhen using `response_mode=form_post` it is possible to inject arbitrary Javascript-Code via the `state`-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14655","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.4475","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44673","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44743","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625396","reference_id":"1625396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625396"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14655","reference_id":"CVE-2018-14655","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14655"},{"reference_url":"https://github.com/advisories/GHSA-458h-wv48-fq75","reference_id":"GHSA-458h-wv48-fq75","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-458h-wv48-fq75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/528963?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta3"},{"url":"http://public2.vulnerablecode.io/api/packages/528968?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final"}],"aliases":["CVE-2018-14655","GHSA-458h-wv48-fq75"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99853?format=json","vulnerability_id":"VCID-48jh-8c96-3bc9","summary":"keycloak: path traversal via double URL encoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3782.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-09T13:41:56Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3782"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37942","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.3794","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37849","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3782"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/15982/commits/1987c942f527b9f3bbf2a86ba71ba8ae0154ac37"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971","reference_id":"2138971","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138971"},{"reference_url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q","reference_id":"GHSA-g8q8-fggx-9r3q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g8q8-fggx-9r3q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1285","reference_id":"RHSA-2023:1285","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1285"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1661","reference_id":"RHSA-2023:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2041","reference_id":"RHSA-2023:2041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2135","reference_id":"RHSA-2023:2135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3185","reference_id":"RHSA-2023:3185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3815","reference_id":"RHSA-2023:3815","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3815"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581418?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67067?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3782","GHSA-g8q8-fggx-9r3q","GMS-2022-8407"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48jh-8c96-3bc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5537?format=json","vulnerability_id":"VCID-7662-z35s-9qeq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3513.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3513"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42148","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42137","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3513"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/pull/7976","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/7976"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439","reference_id":"1953439","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953439"},{"reference_url":"https://security.archlinux.org/ASA-202105-6","reference_id":"ASA-202105-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202105-6"},{"reference_url":"https://security.archlinux.org/AVG-1926","reference_id":"AVG-1926","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1926"},{"reference_url":"https://github.com/advisories/GHSA-xv7h-95r7-595j","reference_id":"GHSA-xv7h-95r7-595j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv7h-95r7-595j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60434?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2021-3513","GHSA-xv7h-95r7-595j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7662-z35s-9qeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43614?format=json","vulnerability_id":"VCID-7ddy-c7pe-97cd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIt was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12158","reference_id":"","reference_type":"","scores":[{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71721","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71674","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00668","scoring_system":"epss","scoring_elements":"0.71715","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12158"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489161","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489161"},{"reference_url":"https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12158","reference_id":"CVE-2017-12158","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12158"},{"reference_url":"https://github.com/advisories/GHSA-v38p-mqq3-m6v5","reference_id":"GHSA-v38p-mqq3-m6v5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v38p-mqq3-m6v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62310?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/528959?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-39am-wkz3-8ubu"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final"}],"aliases":["CVE-2017-12158","GHSA-v38p-mqq3-m6v5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ddy-c7pe-97cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102085?format=json","vulnerability_id":"VCID-8sqn-nkzx-euec","summary":"keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2668.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2022-2668"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65057","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65099","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2668"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e2ae7eef39b27e48ffa4764995d558555f02838c"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392","reference_id":"2115392","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2115392"},{"reference_url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v","reference_id":"GHSA-wf7g-7h6h-678v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7g-7h6h-678v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146025?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2668","GHSA-wf7g-7h6h-678v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sqn-nkzx-euec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4957?format=json","vulnerability_id":"VCID-97sj-h6z5-gqcj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39851","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39762","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39848","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1717"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1796281"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-12014","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-12014"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717","reference_id":"CVE-2020-1717","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1717"},{"reference_url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf","reference_id":"GHSA-rvfc-g8j5-9ccf","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvfc-g8j5-9ccf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60518?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@8.0.0"}],"aliases":["CVE-2020-1717","GHSA-rvfc-g8j5-9ccf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97sj-h6z5-gqcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42323?format=json","vulnerability_id":"VCID-9kte-cfz7-hqa3","summary":"Improper Certificate Validation\nA flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49016","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48946","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49007","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-13285","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-13285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514","reference_id":"1812514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1812514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758","reference_id":"CVE-2020-1758","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1758"},{"reference_url":"https://github.com/advisories/GHSA-c597-f74m-jgc2","reference_id":"GHSA-c597-f74m-jgc2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c597-f74m-jgc2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2106","reference_id":"RHSA-2020:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2107","reference_id":"RHSA-2020:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2108","reference_id":"RHSA-2020:2108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60507?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0"}],"aliases":["CVE-2020-1758","GHSA-c597-f74m-jgc2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kte-cfz7-hqa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46052?format=json","vulnerability_id":"VCID-azxv-y5rj-vkg9","summary":"Insufficient Session Expiration\nA flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8961","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8962","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8963","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8963"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8964","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8964"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8965","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2022:8965"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1043","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1044","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1045","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1047","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1049","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1049"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4547","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45543","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141404"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-13T20:08:01Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2022-3916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916","reference_id":"CVE-2022-3916","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3916"},{"reference_url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97g8-xfvw-q4hg"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg","reference_id":"GHSA-97g8-xfvw-q4hg","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-97g8-xfvw-q4hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67067?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@20.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@20.0.2"}],"aliases":["CVE-2022-3916","GHSA-97g8-xfvw-q4hg","GMS-2022-8406"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azxv-y5rj-vkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40434?format=json","vulnerability_id":"VCID-bj1j-1evb-wkgr","summary":"Improper Authentication\nWhen TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3592","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3593","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3595","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3595"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14657","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5749","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57428","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57481","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14657"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625404","reference_id":"1625404","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625404"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14657","reference_id":"CVE-2018-14657","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14657"},{"reference_url":"https://github.com/advisories/GHSA-85v8-vx4w-q684","reference_id":"GHSA-85v8-vx4w-q684","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85v8-vx4w-q684"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/528968?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.4.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/155681?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.6.0.Final"}],"aliases":["CVE-2018-14657","GHSA-85v8-vx4w-q684"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj1j-1evb-wkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4955?format=json","vulnerability_id":"VCID-gr2e-ntp4-9fdg","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29778","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29746","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29814","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1725"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1765129"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-16550","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-16550"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725","reference_id":"CVE-2020-1725","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1725"},{"reference_url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm","reference_id":"GHSA-p225-pc2x-4jpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p225-pc2x-4jpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60434?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2020-1725","GHSA-p225-pc2x-4jpm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2e-ntp4-9fdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42286?format=json","vulnerability_id":"VCID-hr92-2apu-abg5","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nA vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.60034","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00384","scoring_system":"epss","scoring_elements":"0.60031","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764","reference_id":"1869764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869764"},{"reference_url":"https://security.archlinux.org/AVG-1471","reference_id":"AVG-1471","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1471"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366","reference_id":"CVE-2020-14366","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14366"},{"reference_url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c","reference_id":"GHSA-cp67-8w3w-6h9c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp67-8w3w-6h9c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60275?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0"}],"aliases":["CVE-2020-14366","GHSA-cp67-8w3w-6h9c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hr92-2apu-abg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102496?format=json","vulnerability_id":"VCID-kfxs-f5j7-mfhu","summary":"keycloak: improper input validation permits script injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2256.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75763","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75766","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00882","scoring_system":"epss","scoring_elements":"0.75738","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2256"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8e705a65ab2aa2b079374ec859ee7a75fad5a7d9"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2256"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942","reference_id":"2101942","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2101942"},{"reference_url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49","reference_id":"GHSA-w9mf-83w3-fv49","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w9mf-83w3-fv49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/146025?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@19.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@19.0.2"}],"aliases":["CVE-2022-2256","GHSA-w9mf-83w3-fv49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfxs-f5j7-mfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49632?format=json","vulnerability_id":"VCID-ku7s-gnhp-a3du","summary":"Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization\nA flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the \"Bearer\" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06527","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09225","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-0707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2427768"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-0707","reference_id":"CVE-2026-0707","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-0707"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707","reference_id":"CVE-2026-0707","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0707"},{"reference_url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p","reference_id":"GHSA-gv94-wp4h-vv8p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gv94-wp4h-vv8p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581486?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@26.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-rt61-271c-nkgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1"}],"aliases":["CVE-2026-0707","GHSA-gv94-wp4h-vv8p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4952?format=json","vulnerability_id":"VCID-qjhb-ubp5-ukdy","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3632.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3632"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66498","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6645","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.6649","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3632"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4"},{"reference_url":"https://github.com/keycloak/keycloak/pull/8203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/8203"},{"reference_url":"https://issues.redhat.com/browse/KEYCLOAK-18500","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/KEYCLOAK-18500"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196","reference_id":"1978196","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1978196"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr","reference_id":"GHSA-qpq9-jpv4-6gwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpq9-jpv4-6gwr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504243?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@15.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@15.1.0"}],"aliases":["CVE-2021-3632","GHSA-qpq9-jpv4-6gwr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjhb-ubp5-ukdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4958?format=json","vulnerability_id":"VCID-rb4v-3kux-4fas","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14359.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49529","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49456","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14359"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868591"},{"reference_url":"https://github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://github.com/keycloak/keycloak/issues/12934","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/12934"},{"reference_url":"https://issues.jboss.org/browse/KEYCLOAK-14090","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/KEYCLOAK-14090"},{"reference_url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20190613000352/github.com/keycloak/keycloak-gatekeeper"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359","reference_id":"CVE-2020-14359","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14359"},{"reference_url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h","reference_id":"GHSA-jh6m-3pqw-242h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jh6m-3pqw-242h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60434?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@13.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@13.0.0"}],"aliases":["CVE-2020-14359","GHSA-jh6m-3pqw-242h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rb4v-3kux-4fas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43460?format=json","vulnerability_id":"VCID-rwt9-kx6n-dfae","summary":"Insufficient Session Expiration\nIt was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12159","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69553","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69545","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12159"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484111","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484111"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/keycloak/keycloak/commit/9b75b603e3a5f5ba6deff13cbb45b070bf2d2239"},{"reference_url":"https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124113906/http://www.securityfocus.com/bid/101601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12159","reference_id":"CVE-2017-12159","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12159"},{"reference_url":"https://github.com/advisories/GHSA-7fmw-85qm-h22p","reference_id":"GHSA-7fmw-85qm-h22p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fmw-85qm-h22p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62310?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/528959?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-39am-wkz3-8ubu"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.Final"}],"aliases":["CVE-2017-12159","GHSA-7fmw-85qm-h22p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwt9-kx6n-dfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41197?format=json","vulnerability_id":"VCID-t8wj-9vkr-hbc6","summary":"Allocation of Resources Without Limits or Throttling\nA flaw was found in keycloak-model-infinispan in keycloak where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3637.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64826","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64878","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64868","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3637"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1979638"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637","reference_id":"CVE-2021-3637","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3637"},{"reference_url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6","reference_id":"GHSA-2vp8-jv5v-6qh6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vp8-jv5v-6qh6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3527","reference_id":"RHSA-2021:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3528","reference_id":"RHSA-2021:3528","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3528"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3529","reference_id":"RHSA-2021:3529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58359?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@14.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@14.0.0"}],"aliases":["CVE-2021-3637","GHSA-2vp8-jv5v-6qh6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t8wj-9vkr-hbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43316?format=json","vulnerability_id":"VCID-u18w-zxb4-5khp","summary":"Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69049","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160","reference_id":"CVE-2017-12160","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160"},{"reference_url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7","reference_id":"GHSA-qc72-gfvw-76h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/528958?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-39am-wkz3-8ubu"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7ddy-c7pe-97cd"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rwt9-kx6n-dfae"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1"}],"aliases":["CVE-2017-12160","GHSA-qc72-gfvw-76h7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u18w-zxb4-5khp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42274?format=json","vulnerability_id":"VCID-wq2e-1xds-3qah","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10748.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10748","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58062","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58003","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58053","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10748"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836786","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836786"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10748","reference_id":"CVE-2020-10748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10748"},{"reference_url":"https://github.com/advisories/GHSA-hgpg-593r-hhvp","reference_id":"GHSA-hgpg-593r-hhvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hgpg-593r-hhvp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60424?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.2"}],"aliases":["CVE-2020-10748","GHSA-hgpg-593r-hhvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wq2e-1xds-3qah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46902?format=json","vulnerability_id":"VCID-xbkp-kjgd-fqcx","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nA flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7854","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7855","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7856","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7857","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7858","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7860","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7861","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7861"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39491","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251407"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2e91105315ccf2c1df549b4f6c5948322cbfd1b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1","reference_id":"cpe:/a:redhat:serverless:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-13T14:56:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6291"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291","reference_id":"CVE-2023-6291","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6291"},{"reference_url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpwq-j3xf-7m5w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w","reference_id":"GHSA-mpwq-j3xf-7m5w","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mpwq-j3xf-7m5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68623?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@23.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@23.0.0"}],"aliases":["CVE-2023-6291","GHSA-mpwq-j3xf-7m5w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkp-kjgd-fqcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=json","vulnerability_id":"VCID-xghp-f8g9-akhn","summary":"Incorrect Permission Assignment for Critical Resource\nA flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51179","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51241","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790759"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694","reference_id":"CVE-2020-1694","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1694"},{"reference_url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w","reference_id":"GHSA-72j4-94rx-cr6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72j4-94rx-cr6w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60507?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@10.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@10.0.0"}],"aliases":["CVE-2020-1694","GHSA-72j4-94rx-cr6w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xghp-f8g9-akhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42330?format=json","vulnerability_id":"VCID-y36z-qpqd-37cs","summary":"Allocation of Resources Without Limits or Throttling\nA vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10758","reference_id":"","reference_type":"","scores":[{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.676","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00529","scoring_system":"epss","scoring_elements":"0.67593","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1843849"},{"reference_url":"https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/bee4ca89897766c4b68856eafe14f1a3dad34251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10758","reference_id":"CVE-2020-10758","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10758"},{"reference_url":"https://github.com/advisories/GHSA-52rg-hpwq-qp56","reference_id":"GHSA-52rg-hpwq-qp56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-52rg-hpwq-qp56"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3495","reference_id":"RHSA-2020:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3496","reference_id":"RHSA-2020:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3497","reference_id":"RHSA-2020:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3539","reference_id":"RHSA-2020:3539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3539"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60519?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@11.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@11.0.1"}],"aliases":["CVE-2020-10758","GHSA-52rg-hpwq-qp56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y36z-qpqd-37cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42282?format=json","vulnerability_id":"VCID-y9de-4w6u-abfa","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50741","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00271","scoring_system":"epss","scoring_elements":"0.50801","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10776"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847428"},{"reference_url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/01be601dbdd77822827de173e34180d9322db85c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776","reference_id":"CVE-2020-10776","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10776"},{"reference_url":"https://github.com/advisories/GHSA-484q-784p-8m5h","reference_id":"GHSA-484q-784p-8m5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-484q-784p-8m5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4929","reference_id":"RHSA-2020:4929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4930","reference_id":"RHSA-2020:4930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4931","reference_id":"RHSA-2020:4931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4932","reference_id":"RHSA-2020:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60275?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@12.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1a4q-f36b-43aq"},{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2ju8-s2gd-b3ee"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-6gee-p7fr-1yhy"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@12.0.0"}],"aliases":["CVE-2020-10776","GHSA-484q-784p-8m5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y9de-4w6u-abfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4951?format=json","vulnerability_id":"VCID-yn28-fcm1-zfcs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3827.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3827"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.433","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43291","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3827"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512","reference_id":"2007512","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512"},{"reference_url":"https://security.archlinux.org/AVG-1332","reference_id":"AVG-1332","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1332"},{"reference_url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v","reference_id":"GHSA-4pc7-vqv5-5r3v","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0151","reference_id":"RHSA-2022:0151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0152","reference_id":"RHSA-2022:0152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0155","reference_id":"RHSA-2022:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0164","reference_id":"RHSA-2022:0164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61584?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@18.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-rt61-271c-nkgk"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@18.0.0"}],"aliases":["CVE-2021-3827","GHSA-4pc7-vqv5-5r3v","GMS-2022-1098"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn28-fcm1-zfcs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43316?format=json","vulnerability_id":"VCID-u18w-zxb4-5khp","summary":"Improper Authentication\nIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2904","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2905","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2906","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:2906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69049","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.69039","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1484154"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160","reference_id":"CVE-2017-12160","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12160"},{"reference_url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7","reference_id":"GHSA-qc72-gfvw-76h7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qc72-gfvw-76h7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62048?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-39am-wkz3-8ubu"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7ddy-c7pe-97cd"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rwt9-kx6n-dfae"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-u18w-zxb4-5khp"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/528958?format=json","purl":"pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bps-7j9p-a3b6"},{"vulnerability":"VCID-2qmw-afpp-7qa8"},{"vulnerability":"VCID-39am-wkz3-8ubu"},{"vulnerability":"VCID-48jh-8c96-3bc9"},{"vulnerability":"VCID-7662-z35s-9qeq"},{"vulnerability":"VCID-7ddy-c7pe-97cd"},{"vulnerability":"VCID-8sqn-nkzx-euec"},{"vulnerability":"VCID-97sj-h6z5-gqcj"},{"vulnerability":"VCID-9kte-cfz7-hqa3"},{"vulnerability":"VCID-azxv-y5rj-vkg9"},{"vulnerability":"VCID-bj1j-1evb-wkgr"},{"vulnerability":"VCID-gr2e-ntp4-9fdg"},{"vulnerability":"VCID-hr92-2apu-abg5"},{"vulnerability":"VCID-kfxs-f5j7-mfhu"},{"vulnerability":"VCID-ku7s-gnhp-a3du"},{"vulnerability":"VCID-qjhb-ubp5-ukdy"},{"vulnerability":"VCID-rb4v-3kux-4fas"},{"vulnerability":"VCID-rwt9-kx6n-dfae"},{"vulnerability":"VCID-t8wj-9vkr-hbc6"},{"vulnerability":"VCID-wq2e-1xds-3qah"},{"vulnerability":"VCID-xbkp-kjgd-fqcx"},{"vulnerability":"VCID-xghp-f8g9-akhn"},{"vulnerability":"VCID-y36z-qpqd-37cs"},{"vulnerability":"VCID-y9de-4w6u-abfa"},{"vulnerability":"VCID-yn28-fcm1-zfcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.0.CR1"}],"aliases":["CVE-2017-12160","GHSA-qc72-gfvw-76h7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u18w-zxb4-5khp"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.3.0.Final"}