Security: keycloak/keycloak
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Variable resolution on imports can expose environment variables (GHSA-8hxp-qmph-w5gq), published Oct 8, 2025 by rmartinc. Severity: Moderate
- Keycloak error_description injection on error pages that can trigger phishing attacks (GHSA-27gc-wj6x-9w55), published Oct 8, 2025 by rmartinc. Severity: Moderate
- Keycloak SMTP Inject Vulnerability (GHSA-m4j5-5x4r-2xp9), published Sep 17, 2025 by rmartinc. Severity: Moderate
- Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled) (GHSA-27gp-8389-hm4w), published Jul 29, 2025 by rmartinc. Severity: Moderate
- Phishing attack via email verification step in first login flow (GHSA-xhpr-465j-7p9q), published Jul 29, 2025 by rmartinc. Severity: Moderate
- Two factor authentication bypass (GHSA-5jfq-x6xp-7rw2), published Apr 30, 2025 by stianst. Severity: Moderate
- Keycloak hostname verification (GHSA-hw58-3793-42gg), published Apr 30, 2025 by stianst. Severity: High
- Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims (GHSA-gvgg-2r3r-53x7), published Mar 10, 2025 by rmartinc. Severity: Moderate
- Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak (GHSA-2p82-5wwr-43cw), published Mar 10, 2025 by rmartinc. Severity: Moderate
- CLI option for encrypted JGroups ignored (GHSA-g6qq-c9f9-2772), published Feb 4, 2025 by rmartinc. Severity: Moderate