Search for packages
Package details: pkg:maven/org.keycloak/keycloak-services@26.1.2
purl pkg:maven/org.keycloak/keycloak-services@26.1.2
Next non-vulnerable version 26.2.2
Latest non-vulnerable version 26.2.2
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-1azf-tnm3-pyh3
Aliases:
GHSA-fx44-2wx5-5fvp
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
26.2.2
Affected by 0 other vulnerabilities.
VCID-5hrf-cqc3-b7am
Aliases:
GHSA-r934-w73g-v4p8
Duplicate Advisory: Keycloak hostname verification
26.2.2
Affected by 0 other vulnerabilities.
VCID-ur9z-vd6r-9qcj
Aliases:
CVE-2025-2559
GHSA-2935-2wfm-hhpv
org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak
26.1.5
Affected by 4 other vulnerabilities.
VCID-w71m-tyt8-dqby
Aliases:
CVE-2025-3501
GHSA-hw58-3793-42gg
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
26.2.2
Affected by 0 other vulnerabilities.
VCID-ze83-qhsk-67bh
Aliases:
CVE-2025-3910
GHSA-5jfq-x6xp-7rw2
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
26.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-dk7y-hky5-kbey Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. # Original Description A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges. GHSA-rq4w-cjrr-h8w8

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:21:01.327359+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.3
2025-06-20T17:20:56.213264+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.3
2025-06-20T17:20:52.281905+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.3
2025-06-20T17:20:51.406564+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.3
2025-06-20T17:19:06.189810+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.3
2025-06-20T17:16:39.317015+00:00 GitLab Importer Fixing VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.3
2025-06-03T23:55:54.188135+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.0
2025-06-03T23:55:49.390179+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.0
2025-06-03T23:55:46.215040+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.0
2025-06-03T23:55:45.416551+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.0
2025-06-03T23:54:02.826018+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.0
2025-06-03T23:51:52.273308+00:00 GitLab Importer Fixing VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.0
2025-06-02T23:54:49.368717+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.2
2025-06-02T23:54:44.252995+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.2
2025-06-02T23:54:40.954639+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.2
2025-06-02T23:54:40.089763+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.2
2025-06-02T23:52:59.655566+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.2
2025-06-02T23:50:40.414122+00:00 GitLab Importer Fixing VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.2
2025-05-31T23:45:02.426084+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.0.0
2025-05-31T23:44:57.122624+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.0.0
2025-05-31T02:29:19.081753+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.0.0
2025-05-31T02:29:18.158465+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.0.0
2025-05-01T17:23:41.139823+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.0.0
2025-04-04T11:31:15.633320+00:00 GithubOSV Importer Fixing VCID-dk7y-hky5-kbey https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-rq4w-cjrr-h8w8/GHSA-rq4w-cjrr-h8w8.json 36.0.0
2025-03-28T20:02:26.886197+00:00 GHSA Importer Fixing VCID-dk7y-hky5-kbey https://github.com/advisories/GHSA-rq4w-cjrr-h8w8 36.0.0
2025-03-28T16:48:25.959943+00:00 GitLab Importer Fixing VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.0.0