VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-services@26.1.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-1azf-tnm3-pyh3 Aliases: GHSA-fx44-2wx5-5fvp	Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass	26.2.2 Affected by 0 other vulnerabilities.
VCID-5hrf-cqc3-b7am Aliases: GHSA-r934-w73g-v4p8	Duplicate Advisory: Keycloak hostname verification	26.2.2 Affected by 0 other vulnerabilities.
VCID-ur9z-vd6r-9qcj Aliases: CVE-2025-2559 GHSA-2935-2wfm-hhpv	org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak	26.1.5 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w71m-tyt8-dqby Aliases: CVE-2025-3501 GHSA-hw58-3793-42gg	A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.	26.2.2 Affected by 0 other vulnerabilities.
VCID-ze83-qhsk-67bh Aliases: CVE-2025-3910 GHSA-5jfq-x6xp-7rw2	A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.	26.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1azf-tnm3-pyh3
Aliases:
GHSA-fx44-2wx5-5fvp

Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass

26.2.2
Affected by 0 other vulnerabilities.

VCID-5hrf-cqc3-b7am
Aliases:
GHSA-r934-w73g-v4p8

Duplicate Advisory: Keycloak hostname verification

26.2.2
Affected by 0 other vulnerabilities.

VCID-ur9z-vd6r-9qcj
Aliases:
CVE-2025-2559
GHSA-2935-2wfm-hhpv

org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak

26.1.5
Affected by 4 other vulnerabilities.

VCID-w71m-tyt8-dqby
Aliases:
CVE-2025-3501
GHSA-hw58-3793-42gg

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

26.2.2
Affected by 0 other vulnerabilities.

VCID-ze83-qhsk-67bh
Aliases:
CVE-2025-3910
GHSA-5jfq-x6xp-7rw2

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

26.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-q6sn-1ds2-sfe6	keycloak-services: Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims	CVE-2025-1391 GHSA-gvgg-2r3r-53x7

Vulnerability

Summary

Aliases

VCID-q6sn-1ds2-sfe6

keycloak-services: Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims

CVE-2025-1391
GHSA-gvgg-2r3r-53x7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:21:01.329199+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.3
2025-06-20T17:20:56.215104+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.3
2025-06-20T17:20:52.283731+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.3
2025-06-20T17:20:51.408090+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.3
2025-06-20T17:19:06.191529+00:00	GitLab Importer	Affected by	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.3
2025-06-03T23:55:54.189943+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.0
2025-06-03T23:55:49.391664+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.0
2025-06-03T23:55:46.216575+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.0
2025-06-03T23:55:45.418310+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.0
2025-06-03T23:54:02.827490+00:00	GitLab Importer	Affected by	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.0
2025-06-02T23:54:49.370537+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.2
2025-06-02T23:54:44.254533+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.2
2025-06-02T23:54:40.956456+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.2
2025-06-02T23:54:40.091582+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.2
2025-06-02T23:52:59.657907+00:00	GitLab Importer	Affected by	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.2
2025-05-31T23:45:02.428117+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.0.0
2025-05-31T23:44:57.124295+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.0.0
2025-05-31T02:29:19.083771+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.0.0
2025-05-31T02:29:18.160489+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.0.0
2025-05-01T17:23:41.144853+00:00	GitLab Importer	Affected by	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.0.0
2025-04-04T11:31:46.985719+00:00	GithubOSV Importer	Fixing	VCID-q6sn-1ds2-sfe6	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-gvgg-2r3r-53x7/GHSA-gvgg-2r3r-53x7.json	36.0.0
2025-03-28T20:12:52.317877+00:00	GHSA Importer	Fixing	VCID-q6sn-1ds2-sfe6	https://github.com/advisories/GHSA-gvgg-2r3r-53x7	36.0.0