CVE-2022-0087

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9240

Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.