Security Advisories · keycloak/keycloak · GitHub

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Cross-site scripting when validating URI-schemes on SAML and OIDC
GHSA-3p62-6fjh-3p5h published Jun 28, 2023 by abstractj

Low
LDAP Injection on UsernameForm Login
GHSA-8hc5-rmgf-qx6p published Nov 29, 2023 by stianst

Low
SAML javascript protocol mapper: Uploading of scripts through admin console
GHSA-wf7g-7h6h-678v published Sep 22, 2022 by abstractj

Low
Stored XSS when loading default roles
GHSA-w9mf-83w3-fv49 published Sep 22, 2022 by abstractj

Moderate
HTML Injection in Keycloak Admin REST API
GHSA-m4fv-gm5m-4725 published Feb 27, 2023 by abstractj

Moderate
Privilege escalation vulnerability on Token Exchange feature
GHSA-75p6-52g3-rqc8 published Apr 25, 2022 by abstractj

Moderate
Keycloak is vulnerable to IDN homograph attack
GHSA-mwm4-5qwr-g9pf published Apr 25, 2022 by abstractj

Low
ECP SAML binding bypasses authentication flows
GHSA-4pc7-vqv5-5r3v published Apr 25, 2022 by abstractj

Moderate
Stored XSS in groups dropdown
GHSA-755v-r4x4-qf7m published Nov 24, 2022 by abstractj

Moderate
Incorrect authorization allows unpriviledged users to create other users
GHSA-83x4-9cwr-5487 published Dec 20, 2021 by stianst

High