auth0

Top products

The 15 most recently published vulnerabilities affecting auth0.

• CVE-2026-42280Improper Permission Checking in Auth.js SDK7.1May 27, 2026
• CVE-2026-40155Auth0 Next.js SDK has Improper Proxy Cache Lookup5.4Apr 17, 2026
• CVE-2026-34236Auth0 PHP SDK Insufficient Entropy in Cookie Encryption8.2Apr 1, 2026
• CVE-2025-68129Auth0-PHP SDK has Improper Audience Validation6.8Dec 17, 2025
• CVE-2025-67716Auth0 Next.js SDK has Improper Validation of Query Parameters5.7Dec 11, 2025
• CVE-2025-67490Auth0 Next.js SDK has Improper Request Caching Lookup5.4Dec 10, 2025
• CVE-2025-65945auth0/node-jws improper HMAC signature verification vulnerability7.5Dec 4, 2025
• CVE-2025-58769auth0-PHP: Improper File Type Handling in Bulk User Import3.3Oct 1, 2025
• CVE-2025-47275Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK9.1May 15, 2025
• CVE-2023-6813Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle6.1Jul 10, 2024
• CVE-2022-23539jsonwebtoken unrestricted key type could lead to legacy keys usage5.9Dec 22, 2022
• CVE-2022-23540jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()6.4Dec 22, 2022
• CVE-2022-23541jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC5.0Dec 22, 2022
• CVE-2022-23505Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication5.3Dec 13, 2022
• CVE-2022-29172HTML injection with additional signup fields6.1May 5, 2022