Red hat single sign-on

This hub aggregates every CVE we track for Red hat single sign-on. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat single sign-on.

• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2024-12798JaninoEventEvaluator vulnerability7.3Dec 19, 2024
• CVE-2024-9823Jetty DOS vulnerability on DosFilter5.3Oct 14, 2024
• CVE-2024-8698Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak7.7Sep 19, 2024
• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2024-6162Undertow: url-encoded request path information can be broken on ajp-listener7.5Jun 20, 2024
• CVE-2024-4540Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie7.5Jun 3, 2024
• CVE-2023-6787Keycloak: session hijacking via re-authentication6.5Apr 25, 2024
• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-6544Keycloak: authorization bypass5.4Apr 25, 2024
• CVE-2023-6484Keycloak: log injection during webauthn authentication or registration5.3Apr 25, 2024
• CVE-2023-5685Xnio: stackoverflowexception when the chain of notifier states becomes problematically big7.5Mar 22, 2024
• CVE-2024-0560Apicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions6.3Feb 28, 2024
• CVE-2024-21490This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With larg...7.5Feb 10, 2024
• CVE-2023-2585Keycloak: client access via device auth request spoof3.5Dec 21, 2023