Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- XSS on impersonation under specific circumstances (GHSA-w354-2f3c-qvg9), published Feb 27, 2023 by abstractj. Severity: Moderate
- Lack of validation of access token on client registrations endpoint (GHSA-v436-q368-hvgg), published Jan 12, 2023 by abstractj. Severity: Low
- Session takeover with OIDC offline refreshtokens (GHSA-97g8-xfvw-q4hg), published Dec 13, 2022 by abstractj. Severity: Moderate
- Path traversal via double URL encoding (GHSA-g8q8-fggx-9r3q), published Dec 13, 2022 by abstractj. Severity: High
- Reflected XSS on OpenID connect login service (GHSA-9hhc-pj4w-w5rv), published Feb 27, 2023 by abstractj. Severity: High
- Cross-site scripting when validating URI-schemes on SAML and OIDC (GHSA-3p62-6fjh-3p5h), published Jun 28, 2023 by abstractj. Severity: Low
- LDAP Injection on UsernameForm Login (GHSA-8hc5-rmgf-qx6p), published Nov 29, 2023 by stianst. Severity: Low
- SAML javascript protocol mapper: Uploading of scripts through admin console (GHSA-wf7g-7h6h-678v), published Sep 22, 2022 by abstractj. Severity: Low
- Stored XSS when loading default roles (GHSA-w9mf-83w3-fv49), published Sep 22, 2022 by abstractj. Severity: Moderate
- HTML Injection in Keycloak Admin REST API (GHSA-m4fv-gm5m-4725), published Feb 27, 2023 by abstractj. Severity: Moderate