HIGH PyPI
GHSA-mf98-r2gf-2x3w · CVE-2012-4456 OpenStack Keystone Improper Authentication vulnerability
Modified: 11/8/2023
package
PyPI / keystone
pkg:pypi/keystone
MEDIUM PyPI
GHSA-mrxv-65rv-6hxq · CVE-2012-4413 OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
Modified: 5/28/2026
HIGH 7.7 PyPI
GHSA-pfx2-9x9m-7ghx · CVE-2026-40683 OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean
Modified: 4/16/2026
MEDIUM 5.9 PyPI
GHSA-qh2x-hpf9-cf2g · CVE-2013-2255 OpenStack Keystone and other components vulnerable to Improper Certificate Validation
Modified: 5/2/2024
MEDIUM 5.4 PyPI
GHSA-qvpr-qm6w-6rcc · CVE-2012-5571 OpenStack Keystone intended authorization restrictions bypass
Modified: 4/7/2026
MEDIUM 5.4 PyPI
GHSA-rqw2-hhrf-7936 · CVE-2020-12692, PYSEC-2020-56 OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Modified: 9/27/2024
LOW PyPI
GHSA-rxrm-xvp4-jqvh · CVE-2013-2006 OpenStack Keystone Sensitive information disclosure via log files
Modified: 11/22/2024
MEDIUM 6.5 PyPI
GHSA-v8fq-gq9j-3v7h · CVE-2014-5252, PYSEC-2014-108 OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
Modified: 11/26/2024
MEDIUM 5.9 PyPI
GHSA-w66p-78g4-mr7g · CVE-2012-5563, PYSEC-2012-20 OpenStack Keystone Insufficient token expiration
Modified: 9/27/2024
MEDIUM PyPI
GHSA-x8h4-xf47-pqc3 · CVE-2012-4457 OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
Modified: 1/12/2024
MEDIUM PyPI
GHSA-xp97-6w7r-4cjc · CVE-2012-3426 OpenStack Keystone token expiration issues
Modified: 11/22/2024
— PyPI
PYSEC-2012-19 · CVE-2012-3542, GHSA-gf2q-j2qq-pjf2 Modified: 10/9/2025
— PyPI
PYSEC-2012-20 · CVE-2012-5563, GHSA-w66p-78g4-mr7g Modified: 10/9/2025
— PyPI
PYSEC-2013-39 · CVE-2013-1865, GHSA-22q6-wwq7-2jj9 Modified: 11/25/2024
— PyPI
PYSEC-2013-41 · CVE-2013-2059, GHSA-hj89-qmx9-8qmh Modified: 11/25/2024
— PyPI
PYSEC-2013-42 · CVE-2013-4294, GHSA-5qpp-v56f-mqfm Modified: 11/25/2024
— PyPI
PYSEC-2014-105 · CVE-2014-2237, GHSA-23x9-8hxr-978c Modified: 11/25/2024
— PyPI
PYSEC-2014-106 · CVE-2014-2828, GHSA-6mv3-p2gr-wgqf Modified: 11/25/2024
— PyPI
PYSEC-2014-107 · CVE-2014-5251, GHSA-gmvp-5rf9-mxcm Modified: 11/25/2024
— PyPI
PYSEC-2014-108 · CVE-2014-5252, GHSA-v8fq-gq9j-3v7h Modified: 11/25/2024
— PyPI
PYSEC-2014-109 · CVE-2014-5253, GHSA-77w8-qv8m-386h Modified: 11/25/2024
MEDIUM 4.3 PyPI
PYSEC-2016-38 · CVE-2016-4911, GHSA-f82m-w3p3-cgp3 Modified: 11/25/2024
HIGH 7.2 PyPI
PYSEC-2018-152 · CVE-2017-2673, GHSA-j36m-hv43-7w7m Modified: 11/25/2024
— PyPI
PYSEC-2018-9 · CVE-2018-20170 Modified: 11/8/2023
— PyPI
PYSEC-2019-29 · CVE-2019-19687, GHSA-2j23-fwqm-mgwr Modified: 11/8/2023
— PyPI
PYSEC-2020-53 · CVE-2020-12689, GHSA-chgw-36xv-47cw Modified: 4/29/2024
— PyPI
PYSEC-2020-54 · CVE-2020-12690, GHSA-6m8p-x4qw-gh5j Modified: 11/8/2023
— PyPI
PYSEC-2020-55 · CVE-2020-12691, GHSA-4427-7f3w-mqv6 Modified: 4/29/2024
— PyPI
PYSEC-2020-56 · CVE-2020-12692, GHSA-rqw2-hhrf-7936 Modified: 11/8/2023
MEDIUM 5.3 PyPI
GHSA-22q6-wwq7-2jj9 · CVE-2013-1865, PYSEC-2013-39 OpenStack Keystone Improper Authentication vulnerability
Modified: 11/26/2024
MEDIUM 6.5 PyPI
GHSA-23x9-8hxr-978c · CVE-2014-2237, PYSEC-2014-105 OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Modified: 4/13/2025
MEDIUM PyPI
GHSA-274v-r947-v34r · CVE-2014-3476 OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
Modified: 5/19/2024
HIGH 8.8 PyPI
GHSA-2j23-fwqm-mgwr · CVE-2019-19687, PYSEC-2019-29 OpenStack Keystone Credential Leakage
Modified: 9/27/2024
HIGH 7.5 PyPI
GHSA-4225-97pr-rr52 · CVE-2021-38155 OpenStack Keystone allows information disclosure during account locking
Modified: 5/19/2024
HIGH 8.8 PyPI
GHSA-4427-7f3w-mqv6 · CVE-2020-12691, PYSEC-2020-55 OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
Modified: 9/27/2024
LOW 3.5 PyPI
GHSA-4phw-6824-6cfp · CVE-2026-33551 OpenStack Keystone: Restricted application credentials can create EC2 credentials
Modified: 4/10/2026
MEDIUM 6.5 PyPI
GHSA-4ppj-4p4v-jf4p · CVE-2013-0270 OpenStack Keystone Denial of Service vulnerability via a large HTTP request
Modified: 4/7/2026
MEDIUM 5.3 PyPI
GHSA-5qpp-v56f-mqfm · CVE-2013-4294, PYSEC-2013-42 OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
Modified: 11/26/2024
HIGH 8.8 PyPI
GHSA-6m8p-x4qw-gh5j · CVE-2020-12690, PYSEC-2020-54 Insufficient Session Expiration in OpenStack Keystone
Modified: 9/27/2024
HIGH 7.5 PyPI
GHSA-6mv3-p2gr-wgqf · CVE-2014-2828, PYSEC-2014-106 OpenStack Identity (Keystone) DoS through V3 API authentication chaining
Modified: 4/13/2025
MEDIUM PyPI
GHSA-7332-36h8-8jh8 · CVE-2013-2014 OpenStack Identity (Keystone) Denial of Service
Modified: 5/19/2024
MEDIUM 6.5 PyPI
GHSA-77w8-qv8m-386h · CVE-2014-5253, PYSEC-2014-109 OpenStack Keystone Domain-scoped tokens don't get revoked
Modified: 11/26/2024
MEDIUM PyPI
GHSA-8833-qrvm-wc3h · CVE-2013-0282 OpenStack Keystone allows context-dependent attackers to bypass access restrictions
Modified: 5/9/2024
HIGH 7.5 PyPI
GHSA-8c4w-v65p-jvcv · CVE-2015-7546, PYSEC-2016-20 OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
Modified: 9/27/2024
MEDIUM PyPI
GHSA-8v8f-vc72-pmhc · CVE-2014-3621 OpenStack Identity Keystone Exposure of Sensitive Information
Modified: 5/19/2024
MEDIUM PyPI
GHSA-c4p9-87h3-7vr4 · CVE-2014-0204 OpenStack Identity Keystone Improper Privilege Management
Modified: 5/19/2024
CRITICAL 9.1 PyPI
GHSA-cc99-whm5-mmq3 · CVE-2021-3563 Openstack Keystone Incorrect Authorization vulnerability
Modified: 2/16/2024
HIGH 8.8 PyPI
GHSA-chgw-36xv-47cw · CVE-2020-12689, PYSEC-2020-53 OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
Modified: 9/27/2024
MEDIUM 4.3 PyPI
GHSA-f82m-w3p3-cgp3 · CVE-2016-4911, PYSEC-2016-38 OpenStack Identity Keystone Improper Access Control
Modified: 11/26/2024
LOW PyPI
GHSA-f889-wfwm-6p7m · CVE-2013-4477 OpenStack Identity Keystone Privilege Escalation vulnerability
Modified: 4/10/2024
HIGH 7.5 PyPI
GHSA-gf2q-j2qq-pjf2 · CVE-2012-3542, PYSEC-2012-19 OpenStack Keystone Allows Remote User Account Creation
Modified: 5/28/2026
MEDIUM 6.5 PyPI
GHSA-gmvp-5rf9-mxcm · CVE-2014-5251, PYSEC-2014-107 OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
Modified: 11/26/2024
HIGH 7.5 PyPI
GHSA-hcqg-5g63-7j9h · CVE-2025-65073 OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
Modified: 11/18/2025
HIGH 7.9 PyPI
GHSA-hhq2-3832-xxcv · CVE-2026-43001 OpenStack Keystone has an Incorrect Authorization Issue
Modified: 5/28/2026
MEDIUM 4.3 PyPI
GHSA-hj89-qmx9-8qmh · CVE-2013-2059, PYSEC-2013-41 OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Modified: 11/26/2024
HIGH 7.2 PyPI
GHSA-j36m-hv43-7w7m · CVE-2017-2673, PYSEC-2018-152 OpenStack Identity service (keystone) Incorrect Authorization
Modified: 11/26/2024
MEDIUM PyPI
GHSA-jwpw-ppj5-7h4w · CVE-2015-3646 OpenStack Keystone Logs Passwords
Modified: 12/7/2023