Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven org.keycloak:keycloak-services Security Advisories

Loading...
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 9 days ago
High
GSA_kwCzR0hTQS03MnZwLXhmcmMtNDJ4bc4AA7JA
Keycloak path transversal vulnerability in redirection validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1tNnE5LXAzNzMtZzVxOM4AA7I_
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qNjI4LXE4ODUtOGdyNc4AA7I-
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 9 days ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 9 days ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jdmcyLTdjM2otZzM2as4AA34J
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zcWg1LXFxajItYzc4Zs4AA0KI
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 10 months ago
High
GSA_kwCzR0hTQS05Zzk4LTVtajYtZjltds4AAx6j
Keycloak vulnerable to user impersonation via stolen UUID code
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tNGZ2LWdtNW0tNDcyNc4AAx5L
HTML Injection in Keycloak Admin REST API
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13MzU0LTJmM2MtcXZnOc4AAx5J
Keycloak vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cjd3LXBqeDgtOTlxZ84AAgT1
JBoss KeyCloak Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMzdxLTZoanAtcGNocc4AAgTT
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cjZxLXFxeDctNTUzZ84AAYP5
JBoss Keycloak CSRF Vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14dnY4LTh3aDktOWZoMs4AARPu
Keycloak Authentication Error
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-saml-adapter-core
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wZjM4LWN3M3AtMjJxOc1Bjg
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03NXA2LTUyZzMtcnFjOM1BLA
Keycloak vulnerable to privilege escalation on Token Exchange feature
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NHEtNzg0cC04bTVo
Cross-site Scripting in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-server-spi-private
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Statistics
Advisories: 18,139
Packages: 8,241
Repositories: 2
Ecosystems: 12
Filter by Severity
Moderate 7,815 High 6,287 Critical 2,787 Low 966
Filter by Ecosystem
maven 5,518 packagist 3,781 pypi 3,550 npm 3,530 go 1,878 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 org.apache.tomcat.embed:tomcat-embed-core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 30 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.springframework:spring-core 19 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.bouncycastle:bcprov-jdk14 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 13 org.apache.hadoop:hadoop-main 13 org.apache.cxf:cxf 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 org.jenkins-ci.plugins:git 12 com.vaadin:flow-server 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.igniterealtime.openfire:parent 11 org.jenkins-ci.plugins:email-ext 11 org.apache.cxf:cxf-core 11 org.apache.james:james-server 11 org.apache.commons:commons-compress 11 org.jeecgframework.boot:jeecg-boot-common 11 org.apache.camel:camel-core 11 org.apache.jspwiki:jspwiki-war 11 org.mortbay.jetty:jetty 11 org.apache.ranger:ranger 11 org.apache.hadoop:hadoop-common 11 org.apache.tomcat:tomcat-coyote 11 org.apache.tika:tika-core 11 org.jeecgframework.boot:jeecg-boot-parent 11 com.xuxueli:xxl-job 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 io.netty:netty 10 org.jboss.netty:netty 10 org.apache.inlong:manager-service 10 org.xwiki.platform:xwiki-platform-administration-ui 10 org.apache.hive:hive 9 org.craftercms:crafter-studio 9 org.bouncycastle:bcprov-jdk15on 9 org.jenkins-ci.plugins:active-directory 9 org.jenkins-ci.plugins:electricflow 9 org.opencrx:opencrx-core-models 9 org.apache.shiro:shiro-core 9 io.jenkins:configuration-as-code 9 cn.hutool:hutool-core 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.opennms:opennms 9 org.apache.tapestry:tapestry-core 9 org.apache.archiva:archiva 9 org.springframework:spring-web 9 org.apache.xmlgraphics:batik 9 jquery 9 jquery-rails 9 org.apache.tomcat:tomcat-catalina 9 org.jenkins-ci.plugins:config-file-provider 9 org.webjars.npm:jquery 9 org.springframework:spring-webmvc 9 jQuery 8 org.apache.ozone:ozone-main 8 org.postgresql:postgresql 8 com.hazelcast:hazelcast 8 org.apache.kylin:kylin 8 org.apache.zeppelin:zeppelin 8 org.apache.santuario:xmlsec 8 org.apache.ambari:ambari 8 org.apache.hive:hive-exec 8 io.jenkins.blueocean:blueocean 8 org.jenkins-ci.plugins:ec2 8 org.opencms:opencms-core 8 org.apache.pdfbox:pdfbox 8 mysql:mysql-connector-java 8 org.graylog2:graylog2-server 8 org.yaml:snakeyaml 8 org.jenkins-ci.plugins:artifactory 7 org.jenkins-ci.plugins:jobConfigHistory 7 io.dataease:dataease-plugin-common 7 org.jenkins-ci.plugins:rundeck 7 org.silverpeas.core:silverpeas-core-web 7 org.apache.spark:spark-core_2.11 7 io.atomix:atomix 7 org.jboss.resteasy:resteasy-client 7 org.apache.linkis:linkis 7 org.apache.tika:tika 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 org.apache.inlong:manager-web 7 org.owasp.esapi:esapi 7 org.jeecgframework.boot:jeecg-boot-base 7 jQuery.UI.Combined 7 org.apache.hive:hive-service 7 org.webjars.npm:jquery-ui 7 org.owasp.antisamy:antisamy 7 jquery-ui-rails 7 io.jenkins.plugins:miniorange-saml-sp 7 org.jenkins-ci.plugins:subversion 7 org.apache.atlas:atlas-common 7 io.jenkins.plugins:warnings-ng 7 org.apache.logging.log4j:log4j-core 7 jquery-ui 7 org.apache.karaf:apache-karaf 7 org.apache.cxf:apache-cxf 7 org.jenkins-ci.plugins:openshift-deployer 7 rubygems-update 7 org.apache.activemq:activemq-parent 7 org.jenkins-ci.plugins:mercurial 7 org.jruby:jruby-stdlib 7 org.apache.derby:derby 7 net.opentsdb:opentsdb 7 org.apache.poi:poi 7 com.jflyfox:jflyfox_jfinal 6 org.apache.solr:solr-parent 6 org.opencastproject:opencast-kernel 6 org.apache.storm:storm-core 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 org.xwiki.commons:xwiki-commons-xml 6 org.apache.spark:spark-core_2.10 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.jenkins-ci.plugins:pipeline-maven 6 org.apache.httpcomponents:httpclient 6 org.jenkins-ci.plugins:repository-connector 6 org.apache.syncope:syncope-core 6 axis:axis 6 org.opensearch.plugin:opensearch-security 6 io.netty:netty-codec-http 6 org.csanchez.jenkins.plugins:kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 tech.powerjob:powerjob 6 org.jenkins-ci.plugins:gitlab-oauth 6 io.netty:netty-handler 6 commons-fileupload:commons-fileupload 6 org.jenkins-ci.plugins:azure-vm-agents 6 cn.hutool:hutool-json 6 hudson.plugins:project-inheritance 6 com.xebialabs.deployit.ci:deployit-plugin 6 org.apache.pulsar:pulsar-broker 6 org.apache.shenyu:shenyu-common 6 org.apache.axis:axis 6 org.apache.struts:struts2-rest-plugin 6 org.jenkins-ci.plugins:openid 5 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 5 org.apache.cassandra:cassandra-all 5 org.jenkins-ci.plugins:junit 5 org.springframework.amqp:spring-amqp 5 org.apache.druid:druid 5 org.jenkins-ci.plugins:codedx 5 com.ruoyi:ruoyi 5 org.jenkins-ci.plugins:matrix-project 5 org.jenkinsci.plugins:octoperf 5 org.jenkins-ci.plugins:google-login 5 org.opennms:opennms-webapp 5 info.magnolia:magnolia-core 5 edu.stanford.nlp:stanford-corenlp 5 com.google.protobuf:protobuf-java 5 org.codehaus.jettison:jettison 5 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 5 org.jenkins-ci.plugins:azure-ad 5 org.jenkins-ci.plugins:scriptler 5 log4j:log4j 5 org.jenkins-ci.plugins:credentials 5 org.jenkins-ci.plugins:ghprb 5 org.jenkins-ci.plugins:delphix 5 org.jenkins-ci.plugins:websphere-deployer 5 org.apache.hadoop:hadoop-client 5 org.zenframework.z8.dependencies.commons:log4j-1.2.17 5 org.jenkins-ci.plugins:publish-over-ssh 5 org.apache.kylin:kylin-server-base 5 org.jenkins-ci.plugins:support-core 5 org.jboss.resteasy:resteasy-bom 5 org.jenkins-ci.plugins.m2release:m2release 5 org.apache.inlong:manager-dao 5 com.coravy.hudson.plugins.github:github 5 com.mabl.integration.jenkins:mabl-integration 5 org.dspace:dspace-jspui 5 org.jenkins-ci.plugins:gitlab-plugin 5
Filter by Repository
https://github.com/keycloak/keycloak 26