Search for packages
Package details: pkg:maven/org.keycloak/keycloak-model-jpa@20.0.2
purl pkg:maven/org.keycloak/keycloak-model-jpa@20.0.2
Next non-vulnerable version 23.0.0
Latest non-vulnerable version 23.0.0
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-kfzc-yxas-aaad
Aliases:
CVE-2023-6291
GHSA-mpwq-j3xf-7m5w
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
23.0.0
Affected by 0 other vulnerabilities.
VCID-s711-x8ae-aaaj
Aliases:
CVE-2023-6563
GHSA-54f3-c6hg-865h
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system.
21.0.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-7qnt-1wwt-aaap Keycloak vulnerable to session takeover with OIDC offline refreshtokens CVE-2022-3916
GHSA-97g8-xfvw-q4hg
GMS-2022-8406

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T16:51:41.375368+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 36.1.3
2025-06-20T16:49:39.080410+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 36.1.3
2025-06-20T16:43:25.648133+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 36.1.3
2025-06-20T16:43:14.623799+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 36.1.3
2025-06-03T23:29:00.855542+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 36.1.0
2025-06-03T23:27:09.888085+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 36.1.0
2025-06-03T23:21:43.498740+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 36.1.0
2025-06-03T23:21:34.800631+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 36.1.0
2025-06-02T23:26:40.533667+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 36.1.2
2025-06-02T23:24:45.977988+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 36.1.2
2025-06-02T23:18:57.377814+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 36.1.2
2025-06-02T23:18:47.691807+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 36.1.2
2025-04-03T21:52:45.761658+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 36.0.0
2025-04-03T21:48:35.528169+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 36.0.0
2025-04-03T21:36:13.648026+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 36.0.0
2025-04-03T21:35:48.786731+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 36.0.0
2025-02-18T03:44:09.806683+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 35.1.0
2025-02-18T01:06:38.013960+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 35.1.0
2025-02-18T00:45:47.935666+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 35.1.0
2025-02-18T00:45:43.252519+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 35.1.0
2024-11-21T01:01:01.046622+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 35.0.0
2024-11-20T23:31:17.251890+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 35.0.0
2024-11-20T23:19:19.618538+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 35.0.0
2024-11-19T00:49:38.548014+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 34.3.2
2024-11-18T23:20:26.857343+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 34.3.2
2024-11-18T23:06:52.504011+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.3.2
2024-10-08T01:21:23.889692+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 34.0.2
2024-10-08T00:17:34.498129+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 34.0.2
2024-10-08T00:06:10.850431+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.0.2
2024-10-07T21:52:23.268139+00:00 GHSA Importer Affected by VCID-s711-x8ae-aaaj https://github.com/advisories/GHSA-54f3-c6hg-865h 34.0.2
2024-09-23T01:26:41.217349+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 34.0.1
2024-09-23T00:31:32.660005+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 34.0.1
2024-09-22T22:21:38.661816+00:00 GHSA Importer Affected by VCID-s711-x8ae-aaaj https://github.com/advisories/GHSA-54f3-c6hg-865h 34.0.1
2024-09-17T22:41:42.185230+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.0.1
2024-05-17T21:07:19.273043+00:00 GHSA Importer Affected by VCID-s711-x8ae-aaaj https://github.com/advisories/GHSA-54f3-c6hg-865h 34.0.0rc4
2024-04-24T03:59:20.988845+00:00 GitLab Importer Affected by VCID-s711-x8ae-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6563.yml 34.0.0rc4
2024-04-24T02:42:35.292606+00:00 GitLab Importer Affected by VCID-kfzc-yxas-aaad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2023-6291.yml 34.0.0rc4
2024-04-24T02:32:08.638459+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 34.0.0rc4
2024-04-24T02:32:05.705762+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.0.0rc4
2024-01-10T05:07:21.102250+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 34.0.0rc2
2024-01-10T05:07:18.363386+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.0.0rc2
2024-01-10T03:13:50.284758+00:00 GHSA Importer Affected by VCID-s711-x8ae-aaaj https://github.com/advisories/GHSA-54f3-c6hg-865h 34.0.0rc2
2024-01-03T21:55:05.256336+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap None 34.0.0rc1
2024-01-03T18:03:55.281316+00:00 GitLab Importer Fixing VCID-7qnt-1wwt-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-model-jpa/CVE-2022-3916.yml 34.0.0rc1