GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Keycloak affected by improper invitation token validation
High
CVE-2026-1529
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 9, 2026
Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService
Moderate
CVE-2025-14778
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 9, 2026
Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens
High
CVE-2026-1486
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 9, 2026
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
Low
CVE-2025-13881
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 2, 2026
Keycloak services allows the issuance of access and refresh tokens for disabled users
Moderate
CVE-2025-14559
was published
for
org.keycloak:keycloak-services
(Maven)
Jan 21, 2026
Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization
Moderate
CVE-2025-13467
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Dec 19, 2025
Keycloak does not invalidate offline sessions when the offline_access scope is removed
Moderate
CVE-2025-12110
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 23, 2025
Keycloak does not invalidate sessions when "Remember Me" is disabled
Moderate
CVE-2025-11429
was published
for
org.keycloak:keycloak-services
(Maven)
Oct 23, 2025
ProTip!
Advisories are also available from the
GraphQL API