| CVE-2021-3513 |
high |
— |
8.0 |
4y ago |
Incorrect implementation of lockout feature in Keycloak |
|
| CVE-2020-1717 |
high |
— |
8.0 |
4y ago |
Generation of Error Message Containing Sensitive Information in Keycloak |
|
| CVE-2020-1725 |
high |
— |
8.0 |
4y ago |
Incorrect Authorization in keycloak |
|
| CVE-2021-20222 |
high |
— |
8.0 |
5y ago |
Code injection in keycloak |
|
| CVE-2017-12159 |
high |
7.5 |
7.5 |
9y ago |
Keycloak CSRF Vulnerability |
|
| CVE-2017-12160 |
high |
7.2 |
7.2 |
9y ago |
Keycloak Oauth Implementation Error |
|
| CVE-2020-14366 |
medium |
— |
5.5 |
4y ago |
Path Traversal |
|
| CVE-2017-12158 |
medium |
5.4 |
5.4 |
9y ago |
Keycloak Reflected XSS |
|
| CVE-2026-1518 |
unknown |
— |
— |
4mo ago |
Keycloak Server-Side Request Forgery (SSRF) vulnerability |
|
| CVE-2026-0707 |
unknown |
— |
— |
5mo ago |
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
|
| CVE-2022-4137 |
unknown |
— |
— |
3y ago |
Keycloak Cross-site Scripting on OpenID connect login service |
|
| CVE-2022-3782 |
unknown |
— |
— |
4y ago |
Keycloak vulnerable to path traversal via double URL encoding |
|
| CVE-2022-3916 |
unknown |
— |
— |
4y ago |
Keycloak vulnerable to session takeover with OIDC offline refreshtokens |
|
| CVE-2022-2256 |
unknown |
— |
— |
4y ago |
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles |
|
| CVE-2022-2668 |
unknown |
— |
— |
4y ago |
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console |
|
| CVE-2019-14910 |
unknown |
— |
— |
4y ago |
Keycloak Authentication Error |
|
| CVE-2019-14909 |
unknown |
— |
— |
4y ago |
Keycloak Authentication Error |
|
| CVE-2018-14655 |
unknown |
— |
— |
4y ago |
Keycloak vulnerable to cross-site scripting via the state parameter |
|
| CVE-2018-14657 |
unknown |
— |
— |
4y ago |
Keycloak Improper Bruteforce Detection |
|
| CVE-2020-1718 |
unknown |
— |
— |
4y ago |
Improper Authentication for Keycloak |
|
| CVE-2020-1694 |
unknown |
— |
— |
4y ago |
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak |
|
| CVE-2020-10758 |
unknown |
— |
— |
4y ago |
Allocation of Resources Without Limits or Throttling in Keycloak |
|
| CVE-2020-10748 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in Keycloak |
|
| CVE-2020-1758 |
unknown |
— |
— |
4y ago |
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
|