Filter
AND
AND

Versions

1.0.1
2
12.0.0
2
3.4.3
2
10.0.1
1
11.0.3
1
15.0.0
1
3.2.1
1
4.0.0-beta2
1
4.3.0
1
6.0.0
1
7.0.1
1
8.0.2
1
9.0.0
1

Red Hat Single Sign OnApicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

medium
6.3
First published (updated )
CVE-2024-0560

Red Hat OpenStack PlatformImpact of Terrapin SSH Attack

medium
6
First published (updated )
CVE-2023-48795

redhat/rh-sso7-keycloakA flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certifica…

medium
6.5
First published (updated )
CVE-2023-1664

maven/org.keycloak:keycloak-coreKeycloak-core: open redirect on account page

medium
6.1
EPSS
0.04%
First published (updated )
CVE-2024-7260

redhat/keycloakKeycloak: open redirect via "form_post.jwt" jarm response mode

medium
6.1
EPSS
0.12%
First published (updated )
CVE-2023-6927

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat OpenShift Container PlatformKeycloak: potential bypass of brute force protection

medium
6.5
First published (updated )
CVE-2024-4629

maven/org.keycloak:keycloak-servicesInput Validation

medium
5.3
First published (updated )
CVE-2021-3754

Red Hat OpenShift Container PlatformKeycloak: reflected xss via wildcard in oidc redirect_uri

medium
5.4
EPSS
0.10%
First published (updated )
CVE-2023-6134

redhat/keycloakDue to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that…

medium
6.5
First published (updated )
CVE-2022-1466

Redhat KeycloakInfoleak

medium
5.5
First published (updated )
CVE-2019-3868

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/rh-sso7-keycloakKeycloak: xss on impersonation under specific circumstances

medium
6.4
First published (updated )
CVE-2022-1438

Redhat KeycloakCSRF

medium
4.3
First published (updated )
CVE-2014-3655

Redhat KeycloakJBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

medium
6.1
First published (updated )
CVE-2014-3652

Red Hat JBoss Enterprise Application PlatformPotential EAP resource starvation DOS attack via GET requests for server log files

medium
6.5
First published (updated )
CVE-2016-8627

Red Hat Single Sign-On<a href="https://issues.jboss.org/browse/KEYCLOAK-3667">https://issues.jboss.org/browse/KEYCLOAK-366…

medium
6.5
First published (updated )
CVE-2016-8629

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat JBoss Enterprise Application PlatformInfoleak

medium
6.5
First published (updated )
CVE-2017-2582

Red Hat Single Sign-OnInfoleak

medium
5.9
First published (updated )
CVE-2017-2585

maven/org.keycloak:keycloak-parentXSS

medium
5.4
First published (updated )
CVE-2018-14655

maven/org.keycloak:keycloak-coreA flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not n…

medium
6.1
First published (updated )
CVE-2018-14658

redhat/KeycloakA Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an…

medium
4.9
First published (updated )
CVE-2018-10912

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.keycloak:keycloak-servicesIt was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A …

medium
5.5
First published (updated )
CVE-2018-10894

redhat/rh-sso7-keycloakInfoleak

medium
4.3
First published (updated )
CVE-2019-14820

redhat/keycloak-nodejs-connectIt was found that Keycloak's Node.js adapter did not properly verify the web token received from the…

medium
5.5
First published (updated )
CVE-2019-10157

redhat/keycloackA vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verificatio…

medium
6.5
First published (updated )
CVE-2019-3875

redhat/rh-sso7-keycloakInput Validation

medium
5.4
First published (updated )
CVE-2020-35509

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/rh-sso7-keycloakA flaw was found in keycloak where it is possible to update the user's metadata attributes using Acc…

medium
4.9
First published (updated )
CVE-2020-27826

maven/org.keycloak:keycloak-coreClient registration endpoints should not allow fetching information about public clients without aut…

medium
6.5
First published (updated )
CVE-2020-27838

redhat/rh-sso7-keycloakA flaw was found in Keycloak, where an external identity provider, after successful authentication, …

medium
4.9
First published (updated )
CVE-2020-14302

Redhat KeycloakA community-only flaw was found where a malicious user can register himself and then uses the "remov…

medium
6.5
First published (updated )
CVE-2020-10686

redhat/keycloakXSS

medium
6.1
First published (updated )
CVE-2020-1697

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203