Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.keycloak:keycloak-services Security Advisories

Browse all Security Advisories for maven org.keycloak:keycloak-services

Loading...
High
GSA_kwCzR0hTQS01cnhwLTJyaHItcXdxds4ABAQT
Session fixation in Elytron SAML adapters
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS12dmY4LTJoNjgtOTQ3Nc4AA_sf
Keycloak Open Redirect vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nYzdxLWpnanYtdmpyMs4AA_nT
Keycloak Services has a potential bypass of brute force protection
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1qNzZqLXJxd2otam12ds4AA_Yo
Keycloak Session Fixation vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Keycloak's admin API allows low privilege users to use administrative functions
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 5 months ago
High
GSA_kwCzR0hTQS02OWZwLTdjOHAtY3Jqcs4AA84T
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 5 months ago
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 7 months ago
High
GSA_kwCzR0hTQS03MnZwLXhmcmMtNDJ4bc4AA7JA
Keycloak path traversal vulnerability in redirection validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1tNnE5LXAzNzMtZzVxOM4AA7I_
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNjI4LXE4ODUtOGdyNc4AA7I-
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jdmcyLTdjM2otZzM2as4AA34J
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS0zcWg1LXFxajItYzc4Zs4AA0KI
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Zzk4LTVtajYtZjltds4AAx6j
Keycloak vulnerable to user impersonation via stolen UUID code
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNGZ2LWdtNW0tNDcyNc4AAx5L
HTML Injection in Keycloak Admin REST API
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13MzU0LTJmM2MtcXZnOc4AAx5J
Keycloak vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01cjd3LXBqeDgtOTlxZ84AAgT1
JBoss KeyCloak Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yMzdxLTZoanAtcGNocc4AAgTT
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS14cjZxLXFxeDctNTUzZ84AAYP5
JBoss Keycloak CSRF Vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14dnY4LTh3aDktOWZoMs4AARPu
Keycloak Authentication Error
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-saml-adapter-core
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZjM4LWN3M3AtMjJxOc1Bjg
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NXA2LTUyZzMtcnFjOM1BLA
Keycloak vulnerable to privilege escalation on Token Exchange feature
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NHEtNzg0cC04bTVo
Cross-site Scripting in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-server-spi-private
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
org.jenkins-ci.main:jenkins-core 193 org.apache.tomcat:tomcat 132 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 51 com.liferay.portal:release.portal.bom 46 org.apache.tomcat.embed:tomcat-embed-core 38 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 net.mingsoft:ms-mcms 35 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.apache.geode:geode-core 17 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 org.apache.struts.xwork:xwork-core 15 org.apache.tomcat:tomcat-coyote 14 org.apache.inlong:manager-pojo 14 org.xwiki.platform:xwiki-platform-web 14 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins.workflow:workflow-cps 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-common 12 com.vaadin:flow-server 12 org.bouncycastle:bcprov-jdk15on 12 org.jeecgframework.boot:jeecg-boot-parent 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.jenkins-ci.plugins:git 12 org.jenkins-ci.plugins:email-ext 11 org.mortbay.jetty:jetty 11 com.xuxueli:xxl-job 11 org.apache.jspwiki:jspwiki-war 11 org.apache.tika:tika-core 11 org.igniterealtime.openfire:parent 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.camel:camel-core 11 org.apache.cxf:cxf-core 11 org.springframework:spring-webmvc 11 org.apache.james:james-server 11 org.apache.commons:commons-compress 11 org.apache.ranger:ranger 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 io.netty:netty 10 org.jboss.netty:netty 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.apache.tomcat:tomcat-catalina 10 org.springframework:spring-web 10 org.apache.inlong:manager-service 10 org.jenkins-ci.plugins:config-file-provider 9 bootstrap 9 bootstrap 9 org.apache.tapestry:tapestry-core 9 org.jenkins-ci.plugins:electricflow 9 org.apache.shiro:shiro-core 9 org.webjars:bootstrap 9 twbs/bootstrap 9 org.opennms:opennms 9 org.apache.linkis:linkis 9 cn.hutool:hutool-core 9 bootstrap 9 org.apache.kylin:kylin 9 org.opencrx:opencrx-core-models 9 org.opencms:opencms-core 9 org.bouncycastle:bcprov-jdk15to18 9 org.apache.hive:hive 9 org.craftercms:crafter-studio 9 io.jenkins:configuration-as-code 9 org.apache.xmlgraphics:batik 9 org.jenkins-ci.plugins:active-directory 9 org.apache.archiva:archiva 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.apache.ambari:ambari 8 pyspark 8 org.graylog2:graylog2-server 8 org.apache.pdfbox:pdfbox 8 io.jenkins.blueocean:blueocean 8 jquery-rails 8 org.webjars.npm:jquery 8 jquery 8 org.jenkins-ci.plugins:ec2 8 org.apache.hive:hive-exec 8 org.postgresql:postgresql 8 mysql:mysql-connector-java 8 org.apache.zeppelin:zeppelin 8 org.apache.ozone:ozone-main 8 com.hazelcast:hazelcast 8 org.apache.santuario:xmlsec 8 org.yaml:snakeyaml 8 jQuery 7 org.owasp.esapi:esapi 7 org.apache.spark:spark-core_2.11 7 org.apache.poi:poi 7 org.jenkins-ci.plugins:rundeck 7 org.apache.activemq:activemq-parent 7 io.dataease:dataease-plugin-common 7 org.jenkins-ci.plugins:oic-auth 7 org.apache.derby:derby 7 org.apache.hive:hive-service 7 org.apache.inlong:manager-web 7 io.atomix:atomix 7 org.jboss.resteasy:resteasy-client 7 net.opentsdb:opentsdb 7 io.jenkins.plugins:warnings-ng 7 jquery-ui 7 jquery-ui-rails 7 org.jeecgframework.boot:jeecg-boot-base 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 io.jenkins.plugins:miniorange-saml-sp 7 org.apache.logging.log4j:log4j-core 7 org.silverpeas.core:silverpeas-core-web 7 bootstrap.sass 7 org.jenkins-ci.plugins:openshift-deployer 7 org.jenkins-ci.plugins:mercurial 7 org.owasp.antisamy:antisamy 7 rubygems-update 7 org.jruby:jruby-stdlib 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.apache.karaf:apache-karaf 7 org.jenkins-ci.plugins:subversion 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.cxf:apache-cxf 7 org.apache.tika:tika 7 org.jenkins-ci.plugins:artifactory 7 bootstrap-sass 7 org.apache.atlas:atlas-common 7 axis:axis 6 org.apache.axis:axis 6 org.apache.pulsar:pulsar-broker 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.shenyu:shenyu-common 6 org.apache.druid:druid 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.csanchez.jenkins.plugins:kubernetes 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.bouncycastle:bcprov-jdk18on 6 hudson.plugins:project-inheritance 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.jenkins-ci.plugins:azure-vm-agents 6 org.opensearch.plugin:opensearch-security 6 org.apache.solr:solr-parent 6 org.apache.mesos:mesos 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.apache.spark:spark-core_2.10 6 io.netty:netty-codec-http 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.apache.struts:struts2-rest-plugin 6 commons-fileupload:commons-fileupload 6 com.google.protobuf:protobuf-java 6 org.jenkins-ci.plugins:repository-connector 6 org.xwiki.commons:xwiki-commons-xml 6 org.apache.httpcomponents:httpclient 6 cn.hutool:hutool-json 6 com.jflyfox:jflyfox_jfinal 6 org.apache.storm:storm-core 6 io.netty:netty-handler 6 org.infinispan:infinispan-core 6 org.jenkins-ci.plugins:pipeline-maven 6 org.apache.syncope:syncope-core 6 org.opencastproject:opencast-kernel 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:azure-ad 5 org.jenkins-ci.plugins:gitlab-plugin 5 ca.uhn.hapi.fhir:org.hl7.fhir.r5 5 org.apache.streampark:streampark 5 log4j:log4j 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 io.vertx:vertx-web 5 com.ruoyi:ruoyi 5 org.jenkins-ci.plugins:scriptler 5 org.jenkins-ci.plugins:codedx 5 com.nimbusds:nimbus-jose-jwt 5 com.datapipe.jenkins.plugins:hashicorp-vault-plugin 5 org.apache.zeppelin:zeppelin-server 5 org.opennms:opennms-webapp 5 org.neo4j.procedure:apoc 5 io.vertx:vertx-core 5 org.dspace:dspace-jspui 5 org.jenkins-ci.plugins:delphix 5 org.jenkins-ci.plugins:fortify 5 org.jeecgframework.boot:jeecg-boot-base-core 5 org.apache.inlong:manager-dao 5 org.geoserver:gs-wms 5
Filter by Repository
https://github.com/keycloak/keycloak 35