Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 1.2% on repo1.maven.org
Top 0.8% dependent packages on repo1.maven.org
Top 0.6% dependent repos on repo1.maven.org
Top 1.2% forks on repo1.maven.org
Top 1.8% docker downloads on repo1.maven.org

repo1.maven.org : org.keycloak:keycloak-services

Keycloak SSO

purl: pkg:maven/org.keycloak/keycloak-services
Keywords: keycloak, oidc, saml
License: Apache-2.0
Latest release: 26 days ago
First release: over 10 years ago
Namespace: org.keycloak
Dependent packages: 90
Dependent repositories: 561
Stars: 18,086 on GitHub
Forks: 5,848 on GitHub
Docker dependents: 358
Docker downloads: 3,198,205
Total Commits: 18303
Committers: 1296
Average commits per author: 14.123
Development Distribution Score (DDS): 0.871
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Last synced: 8 days ago

Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NHEtNzg0cC04bTVo
Cross-site Scripting in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-server-spi-private
Source: github
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wZjM4LWN3M3AtMjJxOc1Bjg
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS01cjd3LXBqeDgtOTlxZ84AAgT1
JBoss KeyCloak Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNjI4LXE4ODUtOGdyNc4AA7I-
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
High
GSA_kwCzR0hTQS03MnZwLXhmcmMtNDJ4bc4AA7JA
Keycloak path transversal vulnerability in redirection validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
High
GSA_kwCzR0hTQS1tNnE5LXAzNzMtZzVxOM4AA7I_
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tNGZ2LWdtNW0tNDcyNc4AAx5L
HTML Injection in Keycloak Admin REST API
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: github
Published: 11 months ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14dnY4LTh3aDktOWZoMs4AARPu
Keycloak Authentication Error
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-saml-adapter-core
Source: github
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcWg1LXFxajItYzc4Zs4AA0KI
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yMzdxLTZoanAtcGNocc4AAgTT
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cjZxLXFxeDctNTUzZ84AAYP5
JBoss Keycloak CSRF Vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13MzU0LTJmM2MtcXZnOc4AAx5J
Keycloak vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: github
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03NXA2LTUyZzMtcnFjOM1BLA
Keycloak vulnerable to privilege escalation on Token Exchange feature
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Zzk4LTVtajYtZjltds4AAx6j
Keycloak vulnerable to user impersonation via stolen UUID code
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jdmcyLTdjM2otZzM2as4AA34J
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01OTY4LXF3MzMtaDQ3as4AA3yT
Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 5 months ago
Withdrawn: 5 months ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: 5 months ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: github
Published: about 2 years ago