Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Deserialization of Untrusted Data in LDAP User Federation (GHSA-4hx9-48xh-5mxr), published Dec 19, 2025 by rmartinc, severity: Moderate
- Debug default bind address (GHSA-j4vq-q93m-4683), published Dec 1, 2025 by rmartinc, severity: Moderate
- Unable to restrict access to the admin console (GHSA-vjr8-56p3-fmqq), published Dec 1, 2025 by rmartinc, severity: Low
- Keycloak TLS Client-Initiated Renegotiation Denial of Service (GHSA-q8hq-4h99-fj7x), published Oct 27, 2025 by rmartinc, severity: High
- Variable resolution on imports can expose environment variables (GHSA-8hxp-qmph-w5gq), published Oct 8, 2025 by rmartinc, severity: Moderate
- Keycloak error_description injection on error pages that can trigger phishing attacks (GHSA-27gc-wj6x-9w55), published Oct 8, 2025 by rmartinc, severity: Moderate
- Keycloak SMTP Inject Vulnerability (GHSA-m4j5-5x4r-2xp9), published Sep 17, 2025 by rmartinc, severity: Moderate
- Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled) (GHSA-27gp-8389-hm4w), published Jul 29, 2025 by rmartinc, severity: Moderate
- Phishing attack via email verification step in first login flow (GHSA-xhpr-465j-7p9q), published Jul 29, 2025 by rmartinc, severity: Moderate
- Two factor authentication bypass (GHSA-5jfq-x6xp-7rw2), published Apr 30, 2025 by stianst, severity: Moderate