Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4 advisories

Loading
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation Low
CVE-2026-4874 was published for org.keycloak:keycloak-services (Maven) Mar 26, 2026
krapovneru Credited to krapovneru and dnegreira dnegreira dnegreira
Keycloak's identity-first login flow exposes user information Low
CVE-2026-4633 was published for org.keycloak:keycloak-services (Maven) Mar 23, 2026
dnegreira Credited to dnegreira and julianladisch julianladisch julianladisch
Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false Moderate
CVE-2026-4628 was published for org.keycloak:keycloak-services (Maven) Mar 23, 2026
dnegreira Credited to dnegreira
nzlaura Credited to nzlaura and dnegreira dnegreira dnegreira
ProTip! Advisories are also available from the GraphQL API