org.keycloak:keycloak-quarkus-server (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.keycloak:keycloak-quarkus-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2024-11734 — CVSS 6.5 (medium): A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to…
CVE-2024-10451 — CVSS 5.9 (medium): A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak…
CVE-2024-10973 — CVSS 5.7 (medium): A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication…
CVE-2025-11537 — CVSS 5.0 (medium): A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long'…
CVE-2024-11736 — CVSS 4.9 (medium): A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through…
CVE-2024-9666 — CVSS 4.7 (medium): A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper…
CVE-2025-10939 — CVSS 3.7 (low): A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a…
CVE-2026-0976 — CVSS 3.7 (low): A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters…
CVE-2024-10492 — CVSS 2.7 (low): A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within…