Security: keycloak/keycloak
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Two factor authentication bypass (GHSA-5jfq-x6xp-7rw2), published Apr 30, 2025 by stianst. Severity: Moderate
- Keycloak hostname verification (GHSA-hw58-3793-42gg), published Apr 30, 2025 by stianst. Severity: High
- Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims (GHSA-gvgg-2r3r-53x7), published Mar 10, 2025 by rmartinc. Severity: Moderate
- Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak (GHSA-2p82-5wwr-43cw), published Mar 10, 2025 by rmartinc. Severity: Moderate
- CLI option for encrypted JGroups ignored (GHSA-g6qq-c9f9-2772), published Feb 4, 2025 by rmartinc. Severity: Moderate
- Unrestricted admin use of system and environment variables (GHSA-f4v7-3mww-9gc2), published Jan 13, 2025 by stianst. Severity: Moderate
- Denial of Service in Keycloak Server via Security Headers (GHSA-w3g8-r9gw-qrh8), published Jan 13, 2025 by stianst. Severity: Moderate
- Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination (GHSA-93ww-43rr-79v3), published Nov 25, 2024 by jonkoops. Severity: High
- Keycloak proxy header handling Denial-of-Service (DoS) vulnerability (GHSA-jgwc-jh89-rpgq), published Nov 25, 2024 by jonkoops. Severity: Moderate
- Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path (GHSA-5545-r4hg-rj4m), published Nov 25, 2024 by jonkoops. Severity: Low