Known vulnerabilities in Keycloak

Vendor: Keycloak
Website: https://www.keycloak.org/
Total Security Bulletins: 73

Security bulletins (73)

| Security bulletin | Severity | Status | Published |
|---|---|---|---|
| SB2025111839: Multiple vulnerabilities in Keycloak | Medium | Patched | 18.11.2025 |
| SB2025111773: Insecure session management in Keycloak | Low | Patched | 17.11.2025 |
| SB2025111772: Insufficient session expiration in Keycloak | Low | Patched | 17.11.2025 |
| SB2025102757: Remote denial of service in Keycloak | Medium | Patched | 27.10.2025 |
| SB2025100922: Text injection in Keycloak | Low | Patched | 09.10.2025 |
| SB2025090931: Multiple vulnerabilities in Keycloak | Medium | Patched | 09.09.2025 |
| SB2025073159: Multiple vulnerabilities in Keycloak | Medium | Patched | 31.07.2025 |
| SB2025043010: Multiple vulnerabilities in Keycloak | Medium | Patched | 30.04.2025 |
| SB2025031143: Multiple vulnerabilities in Keycloak | Medium | Patched | 11.03.2025 |
| SB2025020544: MitM attack in Keycloak | Medium | Patched | 05.02.2025 |
| SB2025011349: Multiple vulnerabilities in Keycloak | Low | Patched | 13.01.2025 |
| SB2024112532: Multiple vulnerabilities in Keycloak | High | Patched | 25.11.2024 |
| SB2024110717: Keycloak update for Apache Sling Commons Messaging Mail | Medium | Patched | 07.11.2024 |
| SB2024092017: Multiple vulnerabilities in Keycloak | Low | Patched | 20.09.2024 |
| SB2024092009: Multiple vulnerabilities in Keycloak | Medium | Patched, Public exploit | 20.09.2024 |
| SB2024091823: Brute-force protection bypass in Keycloak | Medium | Patched | 18.09.2024 |
| SB2024091740: Session Fixation in Keycloak | Medium | Patched | 17.09.2024 |
| SB2024062410: Information disclosure in Keycloak | Low | Patched | 24.06.2024 |
| SB2024062409: Multiple vulnerabilities in Keycloak | Medium | Patched | 24.06.2024 |
| SB2024062408: Denial of service in Keycloak | Low | Patched | 24.06.2024 |
| SB2024062407: Improper input validation in Keycloak | Low | Patched, Public exploit | 24.06.2024 |
| SB2024061019: Multiple vulnerabilities in Keycloak | Medium | Patched | 10.06.2024 |
| SB20240417142: Multiple vulnerabilities in Keycloak | Medium | Patched | 17.04.2024 |
| SB2024030533: Improper input validation in Keycloak | Medium | Patched | 05.03.2024 |
| SB2024021539: Log injection in Keycloak | Medium | Patched | 15.02.2024 |
| SB2024010930: Open redirect in Keycloak | Low | Patched | 09.01.2024 |
| SB2023122039: Denial of service in Keycloak | Medium | Patched | 20.12.2023 |
| SB2023122038: Open redirect in Keycloak | Low | Patched | 20.12.2023 |
| SB2023121901: Cross-site scripting in Keycloak | Low | Patched | 19.12.2023 |
| SB2023112922: LDAP injection in Keycloak | High | Patched | 29.11.2023 |
| SB2023091243: Unprotected storage of credentials in Keycloak Core | Low | Patched | 12.09.2023 |
| SB2023072091: Account lockout in Keycloak | Medium | Patched | 20.07.2023 |
| SB2023062807: Multiple vulnerabilities in Keycloak | Medium | Not patched | 28.06.2023 |
| SB2023030251: User impersonation in Keycloak | Medium | Patched, Public exploit | 02.03.2023 |
| SB2023030250: Multiple XSS vulnerabilities in Keycloak | Medium | Patched | 02.03.2023 |
| SB2023011260: Authorization bypass in Keycloak | Medium | Patched | 12.01.2023 |
| SB2022121342: Path traversal in keycloak | Medium | Patched | 13.12.2022 |
| SB2022121340: Session takeover in keycloak | Low | Patched | 13.12.2022 |
| SB2022100527: Multiple vulnerabilities in Keycloak | Low | Patched | 05.10.2022 |


Showing elements 1 - 40 out of 73