Auth0-lock

This hub aggregates every CVE we track for Auth0-lock, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM3HIGH1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 4 most recently published vulnerabilities affecting Auth0-lock.

CVE-2022-29172HTML injection with additional signup fields6.1May 5, 2022
CVE-2021-32641Reflected XSS when using flashMessages8.1Jun 4, 2021
CVE-2020-15119DOM-based XSS in auth0-lock6.4Aug 19, 2020
CVE-2019-20174Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.6.1Feb 3, 2020

Product normalization is registry-driven with AI assist and human review. How it works