Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
maven org.keycloak:keycloak-parent Security Advisories
Loading...
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS05N2c4LXhmdnctcTRoZ84AAwUZ
Keycloak vulnerable to session takeover with OIDC offline refreshtokensEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02bW0tcTg2Mi1qMzY2
Improper Input Validation in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS13ZjdnLTdoNmgtNjc4ds4AAvAX
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin consoleEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 9 months ago
High
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS14djdoLTk1cjctNTk1as4AAuY6
Incorrect implementation of lockout feature in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1nOHE4LWZnZ3gtOXIzcc4AAwUa
Keycloak vulnerable to path traversal via double URL encodingEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS1tOThnLTYzcWotZnA4as1BkA
Reflected XSS on clients-registrations endpointEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05aGhjLXBqNHctdzVyds4AAx5K
Keycloak Cross-site Scripting on OpenID connect login serviceEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyMjktMmg2My1ydmg5
Improper Authentication for KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NHEtNzg0cC04bTVo
Cross-site Scripting in keycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncGctNTkzci1oaHZw
Cross-site Scripting in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycmctaHB3cS1xcDU2
Allocation of Resources Without Limits or Throttling in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyajQtOTRyeC1jcjZ3
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwNjctOHczdy02aDlj
Path TraversalEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1OTctZjc0bS1qZ2My
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in KeycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2ZmMtZzhqNS05Y2Nm
Generation of Error Message Containing Sensitive Information in keybloackEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
High
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcTgtOTlxNy01NXd4
Code injection in keycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS13OW1mLTgzdzMtZnY0Oc4AAvAY
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default rolesEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyMjUtcGMyeC00anBt
Incorrect Authorization in keycloakEcosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: over 1 year ago
Filter by Severity
Filter by Ecosystem
Filter by Package
org.jenkins-ci.main:jenkins-core
163
org.apache.tomcat:tomcat
78
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
43
org.keycloak:keycloak-core
39
com.thoughtworks.xstream:xstream
37
org.apache.nifi:nifi
28
org.springframework:spring-core
27
io.undertow:undertow-core
26
com.liferay.portal:release.portal.bom
25
net.mingsoft:ms-mcms
25
org.elasticsearch:elasticsearch
23
org.xwiki.platform:xwiki-platform-oldcore
22
org.apache.tomcat.embed:tomcat-embed-core
22
org.jenkins-ci.plugins:script-security
21
org.apache.solr:solr-core
21
org.springframework.security:spring-security-core
21
org.eclipse.jetty:jetty-server
21
org.apache.openmeetings:openmeetings-parent
20
com.vaadin:vaadin-bom
19
org.keycloak:keycloak-parent
18
org.bouncycastle:bcprov-jdk14
17
org.apache.activemq:activemq-client
17
org.bouncycastle:bcprov-jdk15
16
org.apache.geode:geode-core
16
org.apache.jspwiki:jspwiki-main
15
org.apache.cxf:cxf
14
org.apache.dubbo:dubbo
14
org.apache.tika:tika-core
12
org.jenkins-ci.plugins.workflow:workflow-cps
11
org.jenkins-ci.plugins:git
11
org.apache.cxf:cxf-core
11
org.apache.hadoop:hadoop-common
11
org.apache.hadoop:hadoop-main
11
org.apache.jspwiki:jspwiki-war
11
org.apache.camel:camel-core
10
com.vaadin:flow-server
10
org.xwiki.platform:xwiki-platform-web
10
org.apache.ranger:ranger
10
org.xwiki.platform:xwiki-platform-web-templates
9
org.apache.xmlgraphics:batik
9
io.jenkins:configuration-as-code
9
org.apache.hive:hive
9
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
9
org.jenkins-ci.plugins:email-ext
8
org.apache.tapestry:tapestry-core
8
org.apache.poi:poi
8
org.apache.shiro:shiro-core
8
org.apache.tika:tika
8
org.yaml:snakeyaml
8
org.apache.commons:commons-compress
8
org.apache.karaf:apache-karaf
8
mysql:mysql-connector-java
8
org.jboss.resteasy:resteasy-client
8
org.apache.pdfbox:pdfbox
8
org.keycloak:keycloak-services
8
org.apache.hive:hive-exec
8
org.apache.kylin:kylin
8
org.apache.ozone:ozone-main
8
org.apache.zeppelin:zeppelin
7
com.xuxueli:xxl-job
7
org.apache.archiva:archiva
7
org.springframework:spring-webmvc
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
org.opennms:opennms
7
org.jenkins-ci.plugins:subversion
7
org.igniterealtime.openfire:parent
7
org.apache.atlas:atlas-common
7
org.apache.santuario:xmlsec
7
org.craftercms:crafter-studio
7
org.jruby:jruby-stdlib
7
rubygems-update
7
io.jenkins.blueocean:blueocean
7
org.postgresql:postgresql
7
org.apache.logging.log4j:log4j-core
7
com.jflyfox:jflyfox_jfinal
7
org.apache.httpcomponents:httpclient
7
org.apache.druid:druid
7
org.apache.spark:spark-core_2.11
7
org.apache.cxf:apache-cxf
7
org.apache.james:james-server
7
org.jeecgframework.boot:jeecg-boot-base
7
io.atomix:atomix
7
org.apache.hive:hive-service
7
org.apache.syncope:syncope-core
6
org.jenkins-ci.plugins:ec2
6
org.xwiki.platform:xwiki-platform-administration-ui
6
org.jenkins-ci.plugins:active-directory
6
org.apache.solr:solr-parent
6
org.csanchez.jenkins.plugins:kubernetes
6
org.apache.dolphinscheduler:dolphinscheduler
6
org.apache.mesos:mesos
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
commons-jxpath:commons-jxpath
6
org.opencastproject:opencast-kernel
6
io.dataease:dataease-plugin-common
6
commons-fileupload:commons-fileupload
6
org.springframework.amqp:spring-amqp
6
org.apache.tomcat:tomcat-catalina
6
org.apache.spark:spark-core_2.10
6
net.opentsdb:opentsdb
6
org.owasp.antisamy:antisamy
6
org.opencms:opencms-core
6
io.jenkins.plugins:miniorange-saml-sp
6
org.jenkins-ci.plugins:pipeline-maven
5
org.apache.shenyu:shenyu-common
5
org.biouno:uno-choice
5
org.jenkinsci.plugins:octoperf
5
org.jenkins-ci.plugins:repository-connector
5
org.jenkins-ci.plugins:ghprb
5
org.jeecgframework.boot:jeecg-boot-common
5
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
5
com.synopsys.jenkinsci:ownership
5
tech.powerjob:powerjob
5
org.jenkins-ci.plugins:extended-choice-parameter
5
org.xwiki.commons:xwiki-commons-xml
5
xerces:xercesImpl
5
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
5
org.craftercms:craftercms
5
io.vertx:vertx-web
5
com.fasterxml.woodstox:woodstox-core
5
org.jenkins-ci.plugins:openshift-deployer
5
org.neo4j.procedure:apoc
5
org.jenkins-ci.plugins:ec2-deployment-dashboard
5
org.dspace:dspace-jspui
5
org.apache.hadoop:hadoop-client
5
org.owasp.esapi:esapi
5
org.bouncycastle:bcprov-jdk15on
5
com.hazelcast:hazelcast
5
org.jenkins-ci.plugins:mercurial
5
io.netty:netty-handler
5
org.apache.cxf.fediz:fediz-spring2
5
org.jenkins-ci.plugins:mailer
5
info.magnolia:magnolia-core
5
org.jeecgframework.boot:jeecg-boot-base-core
5
io.netty:netty-codec-http
5
org.apache.storm:storm-core
5
org.apache.ignite:ignite-core
5
org.codehaus.jettison:jettison
5
com.alibaba:dubbo
5
org.jboss.resteasy:resteasy-bom
5
org.apache.activemq:activemq-parent
5
org.infinispan:infinispan-core
5
edu.stanford.nlp:stanford-corenlp
5
org.jenkins-ci.plugins:codedx
5
org.apache.kafka:kafka
5
log4j:log4j
5
org.apache.struts:struts2-rest-plugin
4
org.jenkins-ci.plugins:tfs
4
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
4
com.google.protobuf:protobuf-java
4
org.jenkins-ci.plugins:config-file-provider
4
org.jenkins-ci.plugins:ssh
4
org.jenkins-ci.plugins:requests
4
org.jenkins-ci.plugins:p4
4
org.jenkins-ci.plugins:cons3rt
4
org.jenkins-ci.plugins:junit
4
com.xebialabs.deployit.ci:deployit-plugin
4
org.jenkins-ci.plugins:google-login
4
org.jenkins-ci.plugins:coverity
4
org.jenkins-ci.plugins:google-compute-engine
4
org.jenkins-ci.plugins:rapiddeploy-jenkins
4
org.jenkins-ci.plugins:ansible
4
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
4
org.jenkins-ci.plugins:libvirt-slave
4
org.jenkins-ci.plugins:crx-content-package-deployer
4
org.jenkins-ci.plugins:build-publisher
4
org.jenkins-ci.plugins:gitlab-oauth
4
org.jenkins-ci.plugins:ci-with-toad-edge
4
com.surenpi.jenkins:phoenix-autotest
4
org.jenkins-ci.plugins:kubernetes-cd
4
org.jenkins-ci.plugins:publish-over-ssh
4
org.apache.cassandra:cassandra-all
4
com.alibaba.nacos:nacos-common
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
com.h2database:h2
4
com.nimbusds:nimbus-jose-jwt
4
io.hawt:project
4
org.glassfish:javax.faces
4
struts:struts
4
com.compuware.jenkins:compuware-topaz-for-total-test
4
org.jenkins-ci.plugins:reportportal
4
org.jenkins-ci.plugins:katalon
4
org.jenkins-ci.plugins:rundeck
4
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
4
org.jenkins-ci.plugins:deployer-framework
4
net.bull.javamelody:javamelody-core
4
awsiotsdk
4
org.apache.derby:derby
4
org.opensaml:opensaml
4
com.convertigo.jenkins.plugins:convertigo-mobile-platform
4
org.apache.ws.security:wss4j
4
org.springframework.security.oauth:spring-security-oauth2
4
org.apache.kylin:kylin-server-base
4
org.apache.thrift:libthrift
4
org.jolokia:jolokia-core
4
org.wildfly.security:wildfly-elytron
4
org.jenkins-ci.plugins:matrix-project
4
org.jenkins-ci.plugins:jira-steps
4
org.mortbay.jetty:jetty
4
org.jvnet.hudson.plugins:storable-configs-plugin
4
org.xwiki.platform:xwiki-platform-attachment-ui
4
io.swagger:swagger-codegen
4
com.itextpdf:itext7-core
4
com.typesafe.play:play_2.12
4
hudson.plugins:project-inheritance
4
org.opencastproject:opencast-common
4
org.apache.cxf:cxf-rt-frontend-jaxrs
4
com.vaadin:vaadin-server
4
io.ratpack:ratpack-core
4
org.directwebremoting:dwr
4
org.opensearch.plugin:opensearch-security
4
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
4
com.typesafe.play:play
4
org.jenkins-ci.plugins:wso2id-oauth
4
org.jenkins-ci.plugins:credentials
4
org.apache.ant:ant
4
org.apache.axis:axis
4
org.apache.qpid:qpid-broker
4
org.apache.olingo:odata-client-core
3
org.jenkins-ci.plugins:fortify-on-demand-uploader
3
org.apache.qpid:proton-j
3
io.vertx:vertx-core
3
com.orientechnologies:orientdb-studio
3
org.jenkins-ci.plugins:autocomplete-parameter
3
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
3
io.apiman:apiman-manager-api-rest-impl
3
org.jenkins-ci.plugins:zephyr-for-jira-test-management
3
org.jenkins-ci.plugins:elastest
3
org.springframework.data:spring-data-commons
3
org.apache.spark:spark-core
3
org.restlet.jse:org.restlet
3
com.ctrip.framework.apollo:apollo
3
org.xwiki.platform:xwiki-platform-panels-ui
3
org.jenkins-ci.plugins:database
3
org.jenkins-ci.tools:git-parameter
3
io.jenkins.plugins:code-coverage-api
3
com.linecorp.armeria:armeria
3
org.jenkins-ci.plugins:liquibase-runner
3
com.google.protobuf:protobuf-javalite
3
org.springframework:spring-webflux
3
net.praqma:rqm-plugin
3
org.jenkins-ci.plugins:support-core
3
org.jenkins-ci.plugins:icescrum
3
org.eclipse.jetty:jetty-webapp
3
cn.hutool:hutool-json
3
org.jenkins-ci.plugins:promoted-builds
3
com.groupon.jenkins-ci.plugins:DotCi
3
com.xebialabs.ci:xlrelease-plugin
3
org.jenkins-ci.plugins:github-branch-source
3
org.jenkins-ci.plugins:vsphere-cloud
3
org.jenkins-ci.plugins:pipeline-input-step
3
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
3
org.jenkins-ci.plugins:google-kubernetes-engine
3
org.jenkins-ci.plugins:anchore-container-scanner
3
org.jenkins-ci.plugins:jira
3
org.jenkins-ci.plugins:dynatrace-dashboard
3
de.tum.in.ase:artemis-java-test-sandbox
3
org.jenkins-ci.plugins:bitbucket-oauth
3
org.apache.karaf:karaf
3
org.jenkins-ci.plugins:generic-webhook-trigger
3
org.jenkins-ci.plugins:sinatra-chef-builder
3
org.jenkins-ci.plugins:dbCharts
3
org.conjur.jenkins:conjur-credentials
3
org.jenkins-ci.plugins:rocketchatnotifier
3
org.jenkins-ci.plugins:role-strategy
3
org.igniterealtime.openfire:xmppserver
3
org.jenkins-ci.plugins:azure-credentials
3
org.apache.atlas:apache-atlas
3
com.xuxueli:xxl-job-core
3
org.jenkins-ci.plugins:cas-plugin
3
org.bouncycastle:bc-fips
3
org.bouncycastle:bcprov-jdk16
3
io.goobi.viewer:viewer-core
3
org.apache.unomi:unomi
3
org.richfaces:richfaces-core
3
org.graylog2:graylog2-server
3
org.springframework.data:spring-data-rest-core
3
org.apache.jmeter:ApacheJMeter
3
org.apache.sling:org.apache.sling.xss
3
org.jboss.resteasy:resteasy-core
3
org.apache.activemq:apache-artemis
3
io.projectreactor.netty:reactor-netty-http
3
org.jenkins-ci.plugins:pipeline-build-step
3
org.jenkins-ci.plugins:audit-trail
3
org.springframework.data:spring-data-jpa
3
fr.edf.jenkins.plugins:mac
3
com.adobe.acs:acs-aem-commons
3
org.apache.iotdb:iotdb-parent
3
com.geteasyqa:easyqa
3
org.jenkins-ci.plugins:embeddable-build-status
3
org.jenkins-ci.plugins:lucene-search
3
org.jenkins-ci.plugins:openstack-heat
3
org.jenkins-ci.plugins:recipe
3
org.jenkins-ci.plugins:gitlab-plugin
3
org.jenkins-ci.plugins:xpath-config-viewer
3
org.apache.sling:org.apache.sling.api
3
org.springframework.cloud:spring-cloud-config-server
3
org.jsoup:jsoup
3