org.keycloak:keycloak-model-jpa
Maven
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.keycloak:keycloak-model-jpa (page 1 of 1)
- CVE-2019-14832 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 7.0.1 | 2019-10-15
vulnerable: 1.0-alpha-1 ... 7.0.0 (103 versions)
A flaw was found in the Keycloak REST API before version 8.0.0 where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized inf…
- CVE-2023-6563 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 21.0.0 | 2023-12-14
vulnerable: 1.0-alpha-1 ... 9.0.3 (148 versions)
An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates tw…
- CVE-2026-3190 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 26.5.6 | 2026-03-26
vulnerable: 1.0-alpha-1 ... 9.0.3 (222 versions)
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server c…