Keycloak — Vulnerabilities & Security Advisories 88

All 88 CVE vulnerabilities found in Keycloak, with AI-generated Chinese analysis, references, and POCs.

Vendor: JBoss

| CVE ID | Title | CVSS | Severity | Paused |
| --- | --- | --- | --- | --- |
| CVE-2025-12150 | Org.keycloak/keycloak-services: webauthn attestation statement verification bypass CWE-347 | 3.1 | Low | 2026-02-27 |
| CVE-2025-13467 | Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation CWE-502 | 5.5 | Medium | 2025-11-25 |
| CVE-2025-11538 | Keycloak-server: debug default bind address CWE-1327 | 6.8 | Medium | 2025-11-13 |
| CVE-2025-12390 | Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id CWE-384 | 6.0 | Medium | 2025-10-28 |
| CVE-2025-10939 | Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console CWE-427 | 3.7 | Low | 2025-10-28 |
| CVE-2025-12110 | Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed CWE-613 | 5.4 | Medium | 2025-10-23 |
| CVE-2025-11429 | Keycloak-server: too long and not settings compliant session CWE-613 | 5.4 | Medium | 2025-10-23 |
| CVE-2025-10044 | Keycloak: keycloak error_description injection on error pages CWE-79 | 4.3 | Medium | 2025-09-05 |
| CVE-2025-9162 | Org.keycloak/keycloak-model-storage-service: variable injection into environment variables CWE-526 | 4.9 | Medium | 2025-08-21 |
| CVE-2025-8419 | Org.keycloak/keycloak-services: keycloak smtp inject vulnerability CWE-93 | 5.3 | Medium | 2025-08-06 |
| CVE-2023-4918 | Plaintext storage of user password CWE-256 | 8.8 | High | 2023-09-12 |
| CVE-2023-0264 | Keycloak authorization issue vulnerability | 8.8 | - | 2023-08-04 |
| CVE-2022-4361 | Red Hat Keycloak cross-site scripting vulnerability CWE-81 | 10.0 | Critical | 2023-07-07 |
| CVE-2023-1664 | Red Hat Keycloak trust management issue vulnerability CWE-295 | 8.2 | - | 2023-05-26 |
| CVE-2022-1274 | Keycloak cross-site scripting vulnerability CWE-80 | 5.4 | - | 2023-03-29 |
| CVE-2022-2237 | Keycloak input validation error vulnerability CWE-601 | 6.1 | - | 2023-03-27 |
| CVE-2023-0105 | Red Hat Keycloak authorization issue vulnerability | 6.5 | - | 2023-01-11 |
| CVE-2023-0091 | Red Hat Keycloak security vulnerability | 5.5 | - | 2023-01-11 |
| CVE-2022-3782 | Red Hat Keycloak path traversal vulnerability | 9.3 | - | 2023-01-11 |
| CVE-2022-2256 | Red Hat Keycloak cross-site scripting vulnerability CWE-79 | 3.8 | - | 2022-09-01 |
| CVE-2022-0225 | Red Hat Keycloak cross-site scripting vulnerability CWE-79 | 5.4 | - | 2022-08-26 |
| CVE-2021-3632 | Red Hat Single Sign-On authorization issue vulnerability CWE-287 | 8.1 | - | 2022-08-26 |
| CVE-2021-3754 | Red Hat Keycloak security vulnerability CWE-20 | 5.3 | - | 2022-08-26 |
| CVE-2021-3856 | Red Hat Keycloak path traversal vulnerability CWE-552 | 4.3 | - | 2022-08-26 |
| CVE-2020-35509 | Red Hat Keycloak trust management issue vulnerability CWE-20 | 5.9 | - | 2022-08-23 |
| CVE-2021-3827 | Red Hat Keycloak authorization issue vulnerability CWE-287 | 6.8 | - | 2022-08-23 |
| CVE-2021-3513 | Red Hat Keycloak security vulnerability CWE-522 | 5.3 | - | 2022-08-22 |
| CVE-2022-2668 | Red Hat Keycloak security vulnerability | 7.2 | - | 2022-08-05 |
| CVE-2022-1245 | Red Hat Keycloak security vulnerability CWE-862 | 9.8 | - | 2022-07-07 |
| CVE-2021-3461 | Red Hat Keycloak code issue vulnerability CWE-613 | 8.1 | - | 2022-04-01 |

All 88 known CVE vulnerabilities affecting Keycloak with full Chinese analysis, references, and POCs where available.