Filter
AND

Versions

1.0.1
2
12.0.0
2
3.4.3
2
10.0.1
1
11.0.3
1
15.0.0
1
3.2.1
1
4.0.0-beta2
1
4.3.0
1
6.0.0
1
7.0.1
1
8.0.2
1
9.0.0
1

maven/org.keycloak:keycloak-servicesKeycloak: potential bypass of brute force protection

medium
6.5
First published (updated )
CVE-2024-4629

maven/org.keycloak:keycloak-ldap-federationKeycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak

medium
5.4
First published (updated )
CVE-2025-0604

Red Hat 3scaleApicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

medium
6.3
First published (updated )
CVE-2024-0560

Red Hat OpenStack PlatformImpact of Terrapin SSH Attack

medium
6
First published (updated )
CVE-2023-48795

redhat/rh-sso7-keycloakA flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certifica…

medium
6.5
First published (updated )
CVE-2023-1664

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat KeycloakModerate: Red Hat build of Keycloak 26.0.8 Images Update

medium
4
First published (updated )
RHSA-2025:0299

Red Hat KeycloakModerate: Red Hat build of Keycloak 26.0.8 Update

medium
4
First published (updated )
RHSA-2025:0300

maven/org.keycloak:keycloak-coreKeycloak-core: open redirect on account page

medium
6.1
EPSS
0.04%
First published (updated )
CVE-2024-7260

redhat/keycloakKeycloak: open redirect via "form_post.jwt" jarm response mode

medium
6.1
EPSS
0.12%
First published (updated )
CVE-2023-6927

maven/org.keycloak:keycloak-servicesInput Validation

medium
5.3
First published (updated )
CVE-2021-3754

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat KeycloakSensitive runtime values in Keycloak (up to version 26.0.2) are captured during the build process as…

medium
4
First published (updated )
REDHAT-BUG-2322096

redhat single sign-onKeycloak: reflected xss via wildcard in oidc redirect_uri

medium
5.4
EPSS
0.10%
First published (updated )
CVE-2023-6134

redhat/keycloakDue to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that…

medium
6.5
First published (updated )
CVE-2022-1466

redhat/keycloakInfoleak

medium
5.5
First published (updated )
CVE-2019-3868

redhat/rh-sso7-keycloakKeycloak: xss on impersonation under specific circumstances

medium
6.4
First published (updated )
CVE-2022-1438

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/KeycloakXSS

medium
5.4
First published (updated )
CVE-2017-12158

Red Hat KeycloakA vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer…

medium
4
First published (updated )
REDHAT-BUG-2301875

Red Hat KeycloakModerate: Red Hat build of Keycloak 22.0.12 Images Update

medium
4
First published (updated )
RHSA-2024:6500

Red Hat KeycloakModerate: Red Hat build of Keycloak 22.0.12 Update

medium
4
First published (updated )
RHSA-2024:6501

Red Hat KeycloakModerate: Red Hat build of Keycloak 24.0.7 Update

medium
4
First published (updated )
RHSA-2024:6503

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat KeycloakModerate: Red Hat build of Keycloak 24.0.7 Images Update

medium
4
First published (updated )
RHSA-2024:6502

Red Hat KeycloakCSRF

medium
4.3
First published (updated )
CVE-2014-3655

maven/org.keycloak:keycloak-servicesJBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

medium
6.1
First published (updated )
CVE-2014-3652

redhat jboss enterprise application platformPotential EAP resource starvation DOS attack via GET requests for server log files

medium
6.5
First published (updated )
CVE-2016-8627

Red Hat Single Sign-On<a href="https://issues.jboss.org/browse/KEYCLOAK-3667">https://issues.jboss.org/browse/KEYCLOAK-366…

medium
6.5
First published (updated )
CVE-2016-8629

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat jboss enterprise application platformInfoleak

medium
6.5
First published (updated )
CVE-2017-2582

Red Hat Single Sign-OnInfoleak

medium
5.9
First published (updated )
CVE-2017-2585

maven/org.keycloak:keycloak-parentXSS

medium
5.4
First published (updated )
CVE-2018-14655

maven/org.keycloak:keycloak-coreA flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not n…

medium
6.1
First published (updated )
CVE-2018-14658

redhat/KeycloakA Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an…

medium
4.9
First published (updated )
CVE-2018-10912

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203