Search for packages
| purl | pkg:npm/keycloak-js@3.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-48gp-k3jj-uygq | keycloak-connect and keycloak-js improperly handle invalid tokens It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. |
CVE-2017-7474
GHSA-mw35-24gh-f82w |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T12:27:09.752745+00:00 | GHSA Importer | Fixing | VCID-48gp-k3jj-uygq | https://github.com/advisories/GHSA-mw35-24gh-f82w | 37.0.0 |
| 2025-07-31T09:22:21.864172+00:00 | GitLab Importer | Fixing | VCID-48gp-k3jj-uygq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keycloak-js/CVE-2017-7474.yml | 37.0.0 |
| 2025-07-31T08:36:37.573066+00:00 | GithubOSV Importer | Fixing | VCID-48gp-k3jj-uygq | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-mw35-24gh-f82w/GHSA-mw35-24gh-f82w.json | 37.0.0 |