Known vulnerabilities in Keycloak

Vendor: Keycloak
Website: https://www.keycloak.org/
Total Security Bulletins: 73

Security bulletins (73)

Security bulletin | Severity | Status | Published
SB2025112714: Deserialization of untrusted data in Keycloak LDAP User Federation provider | Low | Patched | 27.11.2025
SB2025111839: Multiple vulnerabilities in Keycloak | Medium | Patched | 18.11.2025
SB2025111773: Insecure session management in Keycloak | Low | Patched | 17.11.2025
SB2025111772: Insufficient session expiration in Keycloak | Low | Patched | 17.11.2025
SB2025102757: Remote denial of service in Keycloak | Medium | Patched | 27.10.2025
SB2025100922: Text injection in Keycloak | Low | Patched | 09.10.2025
SB2025090931: Multiple vulnerabilities in Keycloak | Medium | Patched | 09.09.2025
SB2025073159: Multiple vulnerabilities in Keycloak | Medium | Patched | 31.07.2025
SB2025043010: Multiple vulnerabilities in Keycloak | Medium | Patched | 30.04.2025
SB2025031143: Multiple vulnerabilities in Keycloak | Medium | Patched | 11.03.2025
SB2025020544: MitM attack in Keycloak | Medium | Patched | 05.02.2025
SB2025011349: Multiple vulnerabilities in Keycloak | Low | Patched | 13.01.2025
SB2024112532: Multiple vulnerabilities in Keycloak | High | Patched | 25.11.2024
SB2024110717: Keycloak update for Apache Sling Commons Messaging Mail | Medium | Patched | 07.11.2024
SB2024092017: Multiple vulnerabilities in Keycloak | Low | Patched | 20.09.2024
SB2024092009: Multiple vulnerabilities in Keycloak | Medium | Patched, Public exploit | 20.09.2024
SB2024091823: Brute-force protection bypass in Keycloak | Medium | Patched | 18.09.2024
SB2024091740: Session Fixation in Keycloak | Medium | Patched | 17.09.2024
SB2024062410: Information disclosure in Keycloak | Low | Patched | 24.06.2024
SB2024062409: Multiple vulnerabilities in Keycloak | Medium | Patched | 24.06.2024


Showing elements 1 - 20 out of 73