VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-model-jpa@18.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7qnt-1wwt-aaap Aliases: CVE-2022-3916 GHSA-97g8-xfvw-q4hg GMS-2022-8406	Keycloak vulnerable to session takeover with OIDC offline refreshtokens	20.0.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kfzc-yxas-aaad Aliases: CVE-2023-6291 GHSA-mpwq-j3xf-7m5w	The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted	23.0.0 Affected by 0 other vulnerabilities.
VCID-s711-x8ae-aaaj Aliases: CVE-2023-6563 GHSA-54f3-c6hg-865h	An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.	21.0.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7qnt-1wwt-aaap
Aliases:
CVE-2022-3916
GHSA-97g8-xfvw-q4hg
GMS-2022-8406

Keycloak vulnerable to session takeover with OIDC offline refreshtokens

20.0.2
Affected by 2 other vulnerabilities.

VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w

The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted

23.0.0
Affected by 0 other vulnerabilities.

VCID-s711-x8ae-aaaj
Aliases:
CVE-2023-6563
GHSA-54f3-c6hg-865h

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.

21.0.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T16:51:41.359007+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.3
2025-06-20T16:49:39.061271+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.3
2025-06-20T16:43:25.633143+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	36.1.3
2025-06-20T16:43:14.606814+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	36.1.3
2025-06-03T23:29:00.841997+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.0
2025-06-03T23:27:09.871992+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.0
2025-06-03T23:21:43.485183+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	36.1.0
2025-06-03T23:21:34.787035+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	36.1.0
2025-06-02T23:26:40.517193+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.1.2
2025-06-02T23:24:45.961535+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.1.2
2025-06-02T23:18:57.361213+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	36.1.2
2025-06-02T23:18:47.675051+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	36.1.2
2025-04-03T21:52:45.716636+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	36.0.0
2025-04-03T21:48:35.483100+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	36.0.0
2025-04-03T21:36:13.602908+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	36.0.0
2025-04-03T21:35:48.741260+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	36.0.0
2025-02-18T03:44:09.763224+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.1.0
2025-02-18T01:06:37.969963+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.1.0
2025-02-18T00:45:47.892549+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	35.1.0
2025-02-18T00:45:43.208006+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	35.1.0
2024-11-21T01:01:01.002607+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	35.0.0
2024-11-20T23:31:17.206035+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	35.0.0
2024-11-20T23:19:19.574697+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	35.0.0
2024-11-19T00:49:38.503627+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.3.2
2024-11-18T23:20:26.812882+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.3.2
2024-11-18T23:06:52.456384+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.3.2
2024-10-08T01:21:23.844823+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.2
2024-10-08T00:17:34.452243+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.2
2024-10-08T00:06:10.806466+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.0.2
2024-10-07T21:52:23.224881+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.2
2024-09-23T01:26:41.173698+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.1
2024-09-23T00:31:32.614165+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.1
2024-09-23T00:19:43.120907+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.0.1
2024-09-22T22:21:38.617954+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.1
2024-05-17T21:07:19.226072+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc4
2024-04-24T03:59:20.946038+00:00	GitLab Importer	Affected by	VCID-s711-x8ae-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml	34.0.0rc4
2024-04-24T02:42:35.245380+00:00	GitLab Importer	Affected by	VCID-kfzc-yxas-aaad	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml	34.0.0rc4
2024-04-24T02:32:08.594719+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	34.0.0rc4
2024-04-24T02:32:05.662731+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.0.0rc4
2024-01-10T05:07:21.060923+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	34.0.0rc2
2024-01-10T05:07:18.321584+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.0.0rc2
2024-01-10T03:13:50.236936+00:00	GHSA Importer	Affected by	VCID-s711-x8ae-aaaj	https://github.com/advisories/GHSA-54f3-c6hg-865h	34.0.0rc2
2024-01-03T21:55:05.214790+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	None	34.0.0rc1
2024-01-03T21:55:02.423229+00:00	GitLab Importer	Affected by	VCID-7qnt-1wwt-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml	34.0.0rc1

2025-06-20T16:51:41.359007+00:00

GitLab Importer

Affected by

VCID-kfzc-yxas-aaad

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml

36.1.3

2025-06-20T16:49:39.061271+00:00

GitLab Importer

Affected by

VCID-s711-x8ae-aaaj

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml

36.1.3

2025-06-20T16:43:25.633143+00:00

GitLab Importer

Affected by

Next non-vulnerable version	23.0.0
Latest non-vulnerable version	23.0.0
Risk	4.0