keycloak-fips vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the keycloak-fips package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Neutralization	<26.3.2-r1
L GHSA-9342-92gg-6v29	<26.3.2-r1
L GHSA-hq9p-pm7w-8p54	<26.2.5-r3
M Improper Authentication	<26.2.5-r3
L GHSA-hw58-3793-42gg	<26.2.2-r0
L GHSA-5jfq-x6xp-7rw2	<26.2.2-r0
H Improper Validation of Certificate with Host Mismatch	<26.2.2-r0
M Improper Authentication	<26.2.2-r0
L GHSA-2p82-5wwr-43cw	<26.1.1-r0
H CVE-2023-6841	<26.1.4-r0
L GHSA-w97f-w3hq-36g2	<26.1.4-r0
L GHSA-phg3-gv66-q38x	<26.1.3-r0
H Exposure of Data Element to Wrong Session	<26.1.3-r0
L Improper Input Validation	<26.1.3-r0
L GHSA-q4xq-445g-g6ch	<26.1.3-r0
L GHSA-4g8c-wm8x-jfhw	<26.1.2-r1
L CVE-2025-24970	<26.1.2-r1
M Improper Authentication	<26.1.1-r0
L GHSA-m3hp-8546-5qmr	<26.1.1-r0
M Open Redirect	<23.0.4-r0
L GHSA-5rxp-2rhr-qwqv	<25.0.4-r0
L GHSA-cxrx-q234-m22m	<26.0.7-r1
H HTTP Request Smuggling	<26.0.7-r1
L GHSA-93ww-43rr-79v3	<26.0.6-r0
L GHSA-jgwc-jh89-rpgq	<26.0.6-r0
M Inefficient Regular Expression Complexity	<26.0.6-r0
L External Control of File Name or Path	<26.0.6-r0
L GHSA-5545-r4hg-rj4m	<26.0.6-r0
L GHSA-v7gv-xpgf-6395	<26.0.6-r0
L GHSA-wq8x-cg39-8mrr	<26.0.6-r0
M Use of Hard-coded Credentials	<26.0.6-r0
M HTTP Request Smuggling	<26.0.6-r0
L CVE-2024-10039	<26.0.6-r0
H Session Fixation	<25.0.4-r0
L Information Exposure	<25.0.0-r0
L GHSA-j76j-rqwj-jmvv	<25.0.4-r0
L GHSA-c25h-c27q-5qpv	<25.0.0-r0
L Incorrect Default Permissions	<25.0.0-r0
L GHSA-gmrm-8fx4-66x7	<25.0.0-r0
L GHSA-69fp-7c8p-crjr	<25.0.0-r0
L CVE-2024-29857	<25.0.0-r0
L GHSA-8xfc-gm6g-vgpv	<25.0.0-r0
L GHSA-4h8f-2wvx-gg5w	<25.0.0-r0
L CVE-2024-30172	<25.0.0-r0
L CVE-2024-30171	<25.0.0-r0
L GHSA-v435-xc8x-wvr9	<25.0.0-r0
L CVE-2024-34447	<25.0.0-r0
L GHSA-2cww-fgmg-4jqc	<25.0.0-r0
H Information Exposure	<25.0.0-r0
L GHSA-m44j-cfrm-g8qc	<25.0.0-r0
L Improper Authorization	<24.0.3-r1
L GHSA-25w4-hfqg-4r52	<24.0.3-r1
L GHSA-f8h5-v2vg-46rr	<24.0.3-r1
L Information Exposure Through Environmental Variables	<24.0.3-r1
H Improper Authentication	<24.0.3-r0
L Open Redirect	<24.0.3-r0
L GHSA-mrv8-pqfj-7gp5	<24.0.3-r0
L Cross-site Scripting (XSS)	<24.0.3-r0
L Permissive Regular Expression	<24.0.3-r0
L GHSA-4f53-xh3v-g8x4	<24.0.3-r0
L GHSA-m6q9-p373-g5q8	<24.0.3-r0
L GHSA-7fpj-9hr8-28vh	<24.0.3-r0
L Improper Check for Dropped Privileges	<24.0.3-r0
L GHSA-c9h6-v78w-52wj	<24.0.3-r0
L GHSA-46c8-635v-68r2	<24.0.3-r0
L GHSA-72vp-xfrc-42xm	<24.0.3-r0
L Directory Traversal	<24.0.3-r0
L GHSA-8rmm-gm28-pj8q	<24.0.3-r0
L CVE-2024-1249	<24.0.3-r0
L Improper Authentication	<24.0.3-r0
L CVE-2024-29025	<24.0.3-r0
L GHSA-5jpm-x58v-624v	<24.0.3-r0
M Arbitrary Code Injection	<24.0.0-r0
L GHSA-jw7r-rxff-gv24	<24.0.0-r0
C SQL Injection	<23.0.7-r0
L GHSA-xfg6-62px-cxc2	<23.0.7-r0
L GHSA-24rp-q3w6-vc56	<23.0.7-r0
L GHSA-9vm7-v8wj-3fqw	<23.0.4-r0

Vulnerability

Vulnerable Version

Improper Neutralization

<26.3.2-r1