org.keycloak:keycloak-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-4028Loworg.keycloak:keycloak-core: Keycloak allows cross-site scripting (XSS)CVE-2024-10039Highorg.keycloak:keycloak-core: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination CVE-2024-7318Mediumorg.keycloak:keycloak-core: Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverityCVE-2023-6841Highorg.keycloak:keycloak-core: Keycloak Denial of Service vulnerabilityCVE-2024-7260Mediumorg.keycloak:keycloak-core: Keycloak Open Redirect vulnerabilityCVE-2023-6927Mediumorg.keycloak:keycloak-core: keycloak-core: open redirect via "form_post.jwt" JARM response modeCVE-2023-4918Highorg.keycloak:keycloak-core: Keycloak vulnerable to Plaintext Storage of User PasswordCVE-2023-0105Mediumorg.keycloak:keycloak-core: Keycloak: Impersonation and lockout possible through incorrect handling of email trustCVE-2023-1664Mediumorg.keycloak:keycloak-core: Keycloak Untrusted Certificate Validation vulnerabilityCVE-2023-0091Mediumorg.keycloak:keycloak-core: Keycloak has lack of validation of access token on client registrations endpointGHSA-755V-R4X4-QF7MMediumorg.keycloak:keycloak-core: Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdownCVE-2021-3856Mediumorg.keycloak:keycloak-core: Keycloak has Files or Directories Accessible to External PartiesCVE-2021-3632Highorg.keycloak:keycloak-core: Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flowCVE-2022-0225Mediumorg.keycloak:keycloak-core: Keycloak XSS via use of malicious payload as group name when creating new group from admin consoleCVE-2020-35509Mediumorg.keycloak:keycloak-core: Keycloak vulnerable to Improper Certificate ValidationCVE-2020-27838Mediumorg.keycloak:keycloak-core: Keycloak discloses information without authenticationCVE-2020-10770Mediumorg.keycloak:keycloak-core: Keycloak vulnerable to Server-Side Request ForgeryCVE-2020-1724Mediumorg.keycloak:keycloak-core: Keycloak Insufficient Session ExpiryCVE-2020-1698Mediumorg.keycloak:keycloak-core: Keycloak leaks sensitive information in logged exceptionsCVE-2020-10686Mediumorg.keycloak:keycloak-core: Keycloak users may be able to remove MFA from other users' devicesCVE-2019-14837Criticalorg.keycloak:keycloak-core: keycloak vulnerable to unauthorized login via mail server setupCVE-2014-3656Mediumorg.keycloak:keycloak-core: JBoss KeyCloak Cross-site Scripting VulnerabilityCVE-2018-14658Mediumorg.keycloak:keycloak-core: Keycloak Open RedirectCVE-2022-1466Mediumorg.keycloak:keycloak-core: Improper authorization in KeycloakCVE-2021-20323Mediumorg.keycloak:keycloak-core: Cross-site Scripting in Keycloak

Stop the waste.
Protect your environment with Kodem.