7
I Use This!
Very High Activity
Analyzed about 24 hours ago. based on code collected 1 day ago.
 

Security

Vulnerabilities per Version

Learn more about BDSAs
 
 

Major Versions

1yr
3yr
5yr
10yr
All
click and drag to zoom
 
 
Security Vulnerabilities for Version:
Severities:
Type
Identifier Related Record Severity Date Published Description Versions Affected
BDSA-2026-7641 Low Apr 21, 2026 Keycloak is vulnerable to improper access control due to incomplete enforcement of access control checks on the `resource_set` endpoint. This could all more...
BDSA-2026-7584 Medium Apr 20, 2026 Red Hat Build of Keycloak is vulnerable to cross-site scripting (XSS) due to improper handling of the `organization.alias` in an inline JavaScript `onc more...
BDSA-2026-4047 Low Mar 16, 2026 Keycloak is vulnerable to improper access control due to insufficient validation of the authentication level of assurance (LoA) in the Account REST API more...
BDSA-2026-3755 Low Mar 11, 2026 Keycloak is vulnerable to unauthorized information disclosure due to a flaw in the `UserResource` component. This could allow an attacker with the `vie more...
BDSA-2026-1469 Low Feb 03, 2026 Keycloak is vulnerable to server-side request forgery (SSRF) due to insufficient validation of client-configured backchannel notification endpoints in more...
BDSA-2026-12559 Medium May 28, 2026 Keycloak is vulnerable to denial-of-service (DoS) due to improper handling of malformed `Authorization: Bearer` headers in the `ClientRegistrationAuth` more...
BDSA-2026-12555 Medium May 28, 2026 Keycloak is vulnerable to security restriction bypass due to improper handling insufficient permissions in the `ClientScopesCondition.java` file. This more...
BDSA-2026-11129 Medium May 19, 2026 Keycloak is vulnerable to improper token revocation due to insufficient of realm-level policy enforcement in the OpenID Connect (OIDC) Introspection fu more...
BDSA-2026-0612 Low Jan 16, 2026 Keycloak is vulnerable to endpoint exposure due to improper input validation from its acceptance of RFC-compliant matrix parameters in URL path segment more...
BDSA-2025-1366 Medium Feb 24, 2025 A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Re more...