VulnerableCode Package Details - pkg:maven/org.keycloak/keycloak-services@26.1.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-1azf-tnm3-pyh3 Aliases: GHSA-fx44-2wx5-5fvp	Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass	26.2.2 Affected by 0 other vulnerabilities.
VCID-5hrf-cqc3-b7am Aliases: GHSA-r934-w73g-v4p8	Duplicate Advisory: Keycloak hostname verification	26.2.2 Affected by 0 other vulnerabilities.
VCID-w71m-tyt8-dqby Aliases: CVE-2025-3501 GHSA-hw58-3793-42gg	A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.	26.2.2 Affected by 0 other vulnerabilities.
VCID-ze83-qhsk-67bh Aliases: CVE-2025-3910 GHSA-5jfq-x6xp-7rw2	A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.	26.2.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1azf-tnm3-pyh3
Aliases:
GHSA-fx44-2wx5-5fvp

Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass

26.2.2
Affected by 0 other vulnerabilities.

VCID-5hrf-cqc3-b7am
Aliases:
GHSA-r934-w73g-v4p8

Duplicate Advisory: Keycloak hostname verification

26.2.2
Affected by 0 other vulnerabilities.

VCID-w71m-tyt8-dqby
Aliases:
CVE-2025-3501
GHSA-hw58-3793-42gg

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

26.2.2
Affected by 0 other vulnerabilities.

VCID-ze83-qhsk-67bh
Aliases:
CVE-2025-3910
GHSA-5jfq-x6xp-7rw2

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

26.2.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ur9z-vd6r-9qcj	org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak	CVE-2025-2559 GHSA-2935-2wfm-hhpv

Vulnerability

Summary

Aliases

VCID-ur9z-vd6r-9qcj

org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak

CVE-2025-2559
GHSA-2935-2wfm-hhpv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:21:01.332891+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.3
2025-06-20T17:20:56.218776+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.3
2025-06-20T17:20:52.287403+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.3
2025-06-20T17:20:51.411142+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.3
2025-06-20T17:19:06.195366+00:00	GitLab Importer	Fixing	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.3
2025-06-03T23:55:54.193491+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.0
2025-06-03T23:55:49.394664+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.0
2025-06-03T23:55:46.219555+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.0
2025-06-03T23:55:45.421911+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.0
2025-06-03T23:54:02.830457+00:00	GitLab Importer	Fixing	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.0
2025-06-02T23:54:49.374127+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.1.2
2025-06-02T23:54:44.257619+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.1.2
2025-06-02T23:54:40.960102+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.1.2
2025-06-02T23:54:40.095240+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.1.2
2025-06-02T23:52:59.661374+00:00	GitLab Importer	Fixing	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.1.2
2025-05-31T23:45:02.432179+00:00	GitLab Importer	Affected by	VCID-w71m-tyt8-dqby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml	36.0.0
2025-05-31T23:44:57.127944+00:00	GitLab Importer	Affected by	VCID-ze83-qhsk-67bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml	36.0.0
2025-05-31T02:29:19.087814+00:00	GitLab Importer	Affected by	VCID-1azf-tnm3-pyh3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml	36.0.0
2025-05-31T02:29:18.164709+00:00	GitLab Importer	Affected by	VCID-5hrf-cqc3-b7am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml	36.0.0
2025-05-01T17:23:41.173194+00:00	GitLab Importer	Fixing	VCID-ur9z-vd6r-9qcj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml	36.0.0