pkg:Maven/org.keycloak:keycloak-parent

25 total CVEs: CRITICAL 2, HIGH 12, MEDIUM 9, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2019-14910: Keycloak Authentication Error
    >= 7.0.0, <= 7.0.1
  • CRITICAL 9.1 CVE-2022-3782: Keycloak vulnerable to path traversal via double URL encoding
    from 0, < 20.0.2
  • HIGH 8.8 CVE-2020-1718: Improper Authentication for Keycloak
    from 0, < 8.0.0
  • HIGH 8.3 CVE-2019-14909: Keycloak Authentication Error
    >= 7.0.0, <= 7.0.1
  • HIGH 8.3 CVE-2021-20222: Code injection in keycloak
    >= 9.0.0, < 12.0.3
  • HIGH 8.1 CVE-2022-4137: Keycloak Cross-site Scripting on OpenID connect login service
    from 0, < 20.0.5
  • HIGH 8.1 CVE-2018-14657: Keycloak Improper Bruteforce Detection
    from 0, < 4.6.0.Final
  • HIGH 7.5 CVE-2021-3513: Incorrect implementation of lockout feature in Keycloak
    from 0, < 13.0.0
  • HIGH 7.5 CVE-2017-12159: Keycloak CSRF Vulnerability
    from 0, < 3.4.0
  • HIGH 7.5 CVE-2020-14366: Path Traversal
    from 0, < 12.0.0
  • HIGH 7.5 CVE-2020-10758: Allocation of Resources Without Limits or Throttling in Keycloak
    from 0, < 11.0.1
  • HIGH 7.2 CVE-2022-2668: Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
    from 0, < 19.0.2
  • HIGH 7.2 CVE-2017-12160: Keycloak OAuth Implementation Error
    from 0, < 3.3.0.Final
  • HIGH 7.1 CVE-2021-3461: Keycloak insufficient session expiration
    from 0, < 14.0.0
  • MEDIUM 6.8 CVE-2022-3916: Keycloak vulnerable to session takeover with OIDC offline refresh tokens
    from 0, < 20.0.2
  • MEDIUM 6.1 CVE-2020-10748: Cross-site Scripting in Keycloak
    from 0, < 10.0.2
  • MEDIUM 5.9 CVE-2020-1758: Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak
    from 0, < 10.0.0
  • MEDIUM 5.4 CVE-2022-2256: Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
    from 0, < 19.0.2
  • MEDIUM 5.4 CVE-2017-12158: Keycloak Reflected XSS
    from 0, < 3.4.0
  • MEDIUM 5.4 CVE-2018-14655: Keycloak vulnerable to cross-site scripting via the state parameter
    from 0, <= 3.4.3.Final
  • MEDIUM 5.4 CVE-2020-1725: Incorrect Authorization in keycloak
    from 0, < 13.0.0
  • MEDIUM 5.3 CVE-2026-0707: Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
    from 0, <= 26.5.0
  • MEDIUM 4.9 CVE-2020-1694: Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
    from 0, < 10.0.0
  • LOW 2.7 CVE-2026-1518: Keycloak Server-Side Request Forgery (SSRF) vulnerability
    from 0, <= 26.5.2
  • LOW 2.7 CVE-2020-1717: Generation of Error Message Containing Sensitive Information in Keycloak
    from 0, <= 7.0.1