| CVE-2021-3461 |
low |
— |
2.5 |
|
|
|
4y ago |
Keycloak insufficient session expiration |
| CVE-2026-1518 |
unknown |
— |
— |
|
|
|
4mo ago |
Keycloak Server-Side Request Forgery (SSRF) vulnerability |
| CVE-2026-0707 |
unknown |
— |
— |
|
|
|
5mo ago |
Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| CVE-2022-4137 |
unknown |
— |
— |
|
|
|
3y ago |
Keycloak Cross-site Scripting on OpenID connect login service |
| CVE-2022-3782 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak vulnerable to path traversal via double URL encoding |
| CVE-2022-3916 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak vulnerable to session takeover with OIDC offline refreshtokens |
| CVE-2022-2256 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles |
| CVE-2022-2668 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console |
| CVE-2019-14910 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak Authentication Error |
| CVE-2019-14909 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak Authentication Error |
| CVE-2018-14655 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak vulnerable to cross-site scripting via the state parameter |
| CVE-2018-14657 |
unknown |
— |
— |
|
|
|
4y ago |
Keycloak Improper Bruteforce Detection |
| CVE-2020-1718 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Authentication for Keycloak |
| CVE-2020-1694 |
unknown |
— |
— |
|
|
|
4y ago |
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak |
| CVE-2020-10758 |
unknown |
— |
— |
|
|
|
4y ago |
Allocation of Resources Without Limits or Throttling in Keycloak |
| CVE-2020-10748 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site Scripting in Keycloak |
| CVE-2020-1758 |
unknown |
— |
— |
|
|
|
4y ago |
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak |
