maven

org.keycloak:keycloak-parent

27 Total advisories
27 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 5.3
Maven

CVE-2026-0707

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

MEDIUM 5.4
Maven

CVE-2022-2256

Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles

HIGH 7.5
Maven

CVE-2017-12159

Keycloak CSRF Vulnerability

MEDIUM 5.4
Maven

CVE-2017-12158

Keycloak Reflected XSS

LOW 2.7
Maven

CVE-2026-1518

Keycloak Server-Side Request Forgery (SSRF) vulnerability

MEDIUM 4.6
Maven

GHSA-3p75-q5cc-qmj7

Duplicate Advisory: Keycloak Open Redirect vulnerability

HIGH 7.2
Maven

CVE-2022-2668

Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console

UNKNOWN
Maven

GHSA-m98g-63qj-fp8j

Reflected XSS on clients-registrations endpoint

LOW 2.7
Maven

CVE-2020-1717

Generation of Error Message Containing Sensitive Information in Keycloak

MEDIUM 6.8
Maven

CVE-2022-3916

Keycloak vulnerable to session takeover with OIDC offline refreshtokens

CRITICAL 9.8
Maven

CVE-2019-14910

Keycloak Authentication Error

HIGH 8.3
Maven

CVE-2019-14909

Keycloak Authentication Error

HIGH 7.2
Maven

CVE-2017-12160

Keycloak Oauth Implementation Error

HIGH 7.1
Maven

CVE-2021-3461

Keycloak insufficient session expiration

HIGH 8.1
Maven

CVE-2022-4137

Keycloak Cross-site Scripting on OpenID connect login service

HIGH 8.1
Maven

CVE-2018-14657

Keycloak Improper Bruteforce Detection

MEDIUM 5.4
Maven

CVE-2018-14655

Keycloak vulnerable to cross-site scripting via the state parameter

CRITICAL 9.1
Maven

CVE-2022-3782

Keycloak vulnerable to path traversal via double URL encoding

HIGH 7.5
Maven

CVE-2021-3513

Incorrect implementation of lockout feature in Keycloak

HIGH 8.3
Maven

CVE-2021-20222

Code injection in keycloak

MEDIUM 5.9
Maven

CVE-2020-1758

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak

MEDIUM 5.4
Maven

CVE-2020-1725

Incorrect Authorization in keycloak

HIGH 8.8
Maven

CVE-2020-1718

Improper Authentication for Keycloak

MEDIUM 4.9
Maven

CVE-2020-1694

Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak

HIGH 7.5
Maven

CVE-2020-14366

Path Traversal

HIGH 7.5
Maven

CVE-2020-10758

Allocation of Resources Without Limits or Throttling in Keycloak

MEDIUM 6.1
Maven

CVE-2020-10748

Cross-site Scripting in Keycloak
