com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +45 more potentially affected by CVE-2026-37980 via org.keycloak:keycloak-themes (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-themes MAVEN version =10.0.0, =2.5.6-24.0, =0.1.0, =2.6.0.Final, =8.1, =1.0.0, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.6.0 and more Source cves: CVE-2026-37980https://vulners.com/cve/CVE-2026-...

Keycloak 26.x < 26.0.10 / 26.1.x < 26.1.3 / 26.2.0 Improper Authorization

The version of Keycloak installed on the remote host is 26.0 prior to 26.0.10, 26.1 prior to 26.1.3, or prior to 26.2.0. It is, therefore, affected by an Improper Authorization vulnerability. A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an...

be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.2.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +451 more potentially affected by CVE-2023-1664 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=21.1.1)

org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.2.9, =1.5.0 and more Source cves: CVE-2023-1664 Source advisory: OSV:GHSA-5CC8-PGP5-7MPM...