keycloak — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting keycloak. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products (keycloak): keycloak, keycloak REST API

| CVE ID | Title | Product | CWE | CVSS | Severity | Paused |
|---|---|---|---|---|---|---|
| CVE-2025-12150 | Org.keycloak/keycloak-services: webauthn attestation statement verification bypass | keycloak | CWE-347 | 3.1 | Low | 2026-02-27 |
| CVE-2025-13467 | Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation | Keycloak | CWE-502 | 5.5 | Medium | 2025-11-25 |
| CVE-2025-11538 | Keycloak-server: debug default bind address | keycloak | CWE-1327 | 6.8 | Medium | 2025-11-13 |
| CVE-2025-12390 | Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id | keycloak | CWE-384 | 6.0 | Medium | 2025-10-28 |
| CVE-2025-10939 | Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console | keycloak | CWE-427 | 3.7 | Low | 2025-10-28 |
| CVE-2025-12110 | Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed | keycloak | CWE-613 | 5.4 | Medium | 2025-10-23 |
| CVE-2025-11429 | Keycloak-server: too long and not settings compliant session | keycloak | CWE-613 | 5.4 | Medium | 2025-10-23 |
| CVE-2025-10044 | Keycloak: keycloak error_description injection on error pages | keycloak | CWE-79 | 4.3 | Medium | 2025-09-05 |
| CVE-2025-9162 | Org.keycloak/keycloak-model-storage-service: variable injection into environment variables | keycloak | CWE-526 | 4.9 | Medium | 2025-08-21 |
| CVE-2025-8419 | Org.keycloak/keycloak-services: keycloak smtp inject vulnerability | keycloak | CWE-93 | 5.3 | Medium | 2025-08-06 |
| CVE-2022-4361 | Red Hat Keycloak cross-site scripting vulnerability | keycloak | CWE-81 | 10.0 | Critical | 2023-07-07 |
| CVE-2020-10686 | Red Hat Keycloak security vulnerability | keycloak | CWE-285 | 4.1 | Medium | 2020-05-04 |
| CVE-2019-14820 | Red Hat Keycloak information disclosure vulnerability | keycloak | CWE-200 | 7.5 | - | 2020-01-08 |
| CVE-2019-14832 | Red Hat Keycloak security vulnerability | keycloak REST API | CWE-863 | 7.1 | - | 2019-10-15 |

This page lists every published CVE security advisory associated with keycloak. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.