Security: keycloak/keycloak
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Session fixation in Elytron SAML adapters (GHSA-5rxp-2rhr-qwqv), published Oct 14, 2024 by abstractj. Severity: High
- Leak of configured LDAP bind credentials through the Keycloak admin console (GHSA-c25h-c27q-5qpv), published Jun 21, 2024 by rmartinc. Severity: Low
- Improper input validation on Keycloak allows using email as username (GHSA-4vc8-pg5c-vg4x), published Jun 12, 2024 by abstractj. Severity: Low
- DoS via account lockout (GHSA-cq42-vhv7-xr7p), published Jun 12, 2024 by abstractj. Severity: Low
- Potential bypass of brute force protection (GHSA-gc7q-jgjv-vjr2), published Sep 17, 2024 by abstractj. Severity: Moderate
- Unguarded admin REST API endpoints allows low privilege users to use administrative functionalities (GHSA-2cww-fgmg-4jqc), published Jun 11, 2024 by rmartinc. Severity: Moderate
- Exposure of sensitive information in Pushed Authorization Requests (PAR) (GHSA-69fp-7c8p-crjr), published Jun 10, 2024 by abstractj. Severity: High
- Unvalidated cross-origin messages in checkLoginIframe leads to DDoS (GHSA-m6q9-p373-g5q8), published Apr 17, 2024 by abstractj. Severity: High
- Path transversal in redirection validation (GHSA-72vp-xfrc-42xm), published Apr 17, 2024 by abstractj. Severity: High
- Session hijacking via re-authentication (GHSA-c9h6-v78w-52wj), published Apr 17, 2024 by abstractj. Severity: Moderate