Package impact
Maven / org.keycloak:keycloak-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3632 | high | — | 8.0 | 4y ago | Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow | |||
| CVE-2020-27838 | high | — | 8.0 | 4y ago | Keycloak discloses information without authentication | |||
| CVE-2021-20202 | high | — | 8.0 | 4y ago | Temporary Directory Hijacking Vulnerability in Keycloak | |||
| CVE-2020-1714 | high | — | 8.0 | 4y ago | Improper Input Validation in Keycloak | |||
| CVE-2021-20195 | high | — | 8.0 | 5y ago | keycloak Self Stored Cross-site Scripting vulnerability | |||
| CVE-2021-20262 | high | — | 8.0 | 5y ago | Keycloak Missing authentication for critical function | |||
| CVE-2014-3651 | high | 7.5 | 7.5 | 9y ago | Keycloak vulnerable to uncontrolled resource consumption |