Security: keycloak/keycloak
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Unrestricted admin use of system and environment variables (GHSA-f4v7-3mww-9gc2), published Jan 13, 2025 by stianst, severity: Moderate
- Denial of Service in Keycloak Server via Security Headers (GHSA-w3g8-r9gw-qrh8), published Jan 13, 2025 by stianst, severity: Moderate
- Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination (GHSA-93ww-43rr-79v3), published Nov 25, 2024 by jonkoops, severity: High
- Keycloak proxy header handling Denial-of-Service (DoS) vulnerability (GHSA-jgwc-jh89-rpgq), published Nov 25, 2024 by jonkoops, severity: Moderate
- Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path (GHSA-5545-r4hg-rj4m), published Nov 25, 2024 by jonkoops, severity: Low
- Inefficient Regular Expression Complexity in org.keycloak:keycloak-services (GHSA-wq8x-cg39-8mrr), published Nov 25, 2024 by jonkoops, severity: Moderate
- Sensitive Data Exposure in Keycloak Build Process (GHSA-v7gv-xpgf-6395), published Nov 25, 2024 by jonkoops, severity: Moderate
- One Time Passcode (OTP) is valid longer than expiration timeSeverity (GHSA-xmmm-jw76-q7vg), published Oct 14, 2024 by abstractj, severity: Moderate
- Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak (GHSA-xgfv-xpx8-qhcr), published Oct 14, 2024 by abstractj, severity: High
- Vulnerable Redirect URI Validation Results in Open Redirect (GHSA-w8gr-xwp4-r9f7), published Oct 14, 2024 by abstractj, severity: Moderate