Is keystone safe to use?

keystone has 4 known vulnerabilities on the latest version (29.0.1). DepScope rates its health at 68/100 (moderate risk).

What is the latest version of keystone?

The latest version of keystone is 29.0.1, released 2026-04-16.

Does keystone have known vulnerabilities?

Yes. keystone has 4 known vulnerabilities. See depscope.dev/pkg/pypi/keystone for details.

Is keystone deprecated?

No, keystone is actively maintained. Latest release: 29.0.1 (2026-04-16).

What are alternatives to keystone?

Popular alternatives to keystone in PyPI include: boto3, packaging, idna, certifi, urllib3.

What license does keystone use?

keystone is licensed under Apache-2.0.

keystone

pypiv29.0.1

OpenStack Identity

License Apache-2.0permissive61 versions33 deps14,397 weekly dl

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= f9d4766249a72d8f88d75dcf1575b28dd3496681 to fix known vulnerabilities

Moderate health score (68/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

25/25

maintenance

10/20

popularity

18/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high1 medium2 low

Advisories (4)

Severity	ID	Summary	Fixed in
high	CVE-2012-3542	OpenStack Keystone Allows Remote User Account Creation	2012.1
medium	CVE-2012-4413	OpenStack Keystone does not invalidate existing tokens when granting or revoking roles	2012.1.3
unknown	CVE-2012-3542	OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.	c13d0ba606f7b2bdc609a7f388334e5efec3f3aa
unknown	CVE-2012-5563	OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.	f9d4766249a72d8f88d75dcf1575b28dd3496681

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/keystone