| CVE-2021-3513 | high | — | 8.0 | | | | 4y ago | Incorrect implementation of lockout feature in Keycloak |
| CVE-2020-1717 | high | — | 8.0 | | | | 4y ago | Generation of Error Message Containing Sensitive Information in Keycloak |
| CVE-2020-1725 | high | — | 8.0 | | | | 4y ago | Incorrect Authorization in keycloak |
| CVE-2021-20222 | high | — | 8.0 | | | | 5y ago | Code injection in keycloak |
| CVE-2017-12159 | high | 7.5 | 7.5 | | | | 9y ago | Keycloak CSRF Vulnerability |
| CVE-2017-12160 | high | 7.2 | 7.2 | | | | 9y ago | Keycloak Oauth Implementation Error |
| CVE-2026-1518 | unknown | — | — | | | | 4mo ago | Keycloak Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2026-0707 | unknown | — | — | | | | 5mo ago | Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| CVE-2022-4137 | unknown | — | — | | | | 3y ago | Keycloak Cross-site Scripting on OpenID connect login service |
| CVE-2022-3782 | unknown | — | — | | | | 4y ago | Keycloak vulnerable to path traversal via double URL encoding |
| CVE-2022-3916 | unknown | — | — | | | | 4y ago | Keycloak vulnerable to session takeover with OIDC offline refreshtokens |
| CVE-2022-2256 | unknown | — | — | | | | 4y ago | Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles |
| CVE-2022-2668 | unknown | — | — | | | | 4y ago | Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console |
| CVE-2019-14910 | unknown | — | — | | | | 4y ago | Keycloak Authentication Error |
| CVE-2019-14909 | unknown | — | — | | | | 4y ago | Keycloak Authentication Error |
| CVE-2018-14655 | unknown | — | — | | | | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter |
| CVE-2018-14657 | unknown | — | — | | | | 4y ago | Keycloak Improper Bruteforce Detection |
| CVE-2020-1718 | unknown | — | — | | | | 4y ago | Improper Authentication for Keycloak |
| CVE-2020-1694 | unknown | — | — | | | | 4y ago | Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak |
| CVE-2020-10758 | unknown | — | — | | | | 4y ago | Allocation of Resources Without Limits or Throttling in Keycloak |
| CVE-2020-10748 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Keycloak |
| CVE-2020-1758 | unknown | — | — | | | | 4y ago | Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |