auth0 Summary
Latest vulnerabilities published by auth0
| Title | CVE | Vendor | Product | Score | Severity |
| --- | --- | --- | --- | --- | --- |
| Session Cookie Vulnerability in Auth0 Next.js SDK for User Authentication | CVE-2025-48947 | Auth0 | Nextjs-auth0 | 7.7 | HIGH |
| SAML Authentication Vulnerability in Passport-WSFED-SAML2 by Auth0 | CVE-2025-46573 | Auth0 | Passport-wsfed-saml2 | 8.6 | HIGH |
| SAML Authentication Vulnerability in Auth0's Passport Strategy for WS-fed and SAML2 | CVE-2025-46572 | Auth0 | Passport-wsfed-saml2 | 9.3 | CRITICAL |
| Account Linking Vulnerability in Auth0 Extension | CVE-2025-46345 | Auth0-extensions | Auth0-account-link-ext... | 6.9 | MEDIUM |
| JWE Token Validation Issue in Auth0 Next.js SDK | CVE-2025-46344 | Auth0 | Nextjs-auth0 | 4.9 | MEDIUM |
| jsonwebtoken unrestricted key type could lead to legacy keys usage | CVE-2022-23539 | Auth0 | Node-jsonwebtoken | 5.9 | MEDIUM |
| jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() | CVE-2022-23540 | Auth0 | Node-jsonwebtoken | 7.6 | HIGH |
| jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC | CVE-2022-23541 | Auth0 | Node-jsonwebtoken | 5 | MEDIUM |
| Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication | CVE-2022-23505 | Auth0 | Passport-wsfed-saml2 | 5.3 | MEDIUM |
| HTML injection with additional signup fields | CVE-2022-29172 | Auth0 | Lock | 6.1 | MEDIUM |
| Open Redirect in express-openid-connect | CVE-2022-24794 | Auth0 | Express-openid-connect | 7.5 | HIGH |
| Open redirect in nextjs-auth0 | CVE-2021-43812 | Auth0 | Nextjs-auth0 | 6.4 | MEDIUM |
| Session fixation in express-openid-connect | CVE-2021-41246 | Auth0 | Express-openid-connect | 4.6 | MEDIUM |
| Reflected XSS from the callback handler's error query parameter | CVE-2021-32702 | Auth0 | Nextjs-auth0 | 8 | HIGH |
| Reflected XSS when using flashMessages | CVE-2021-32641 | Auth0 | Lock | 8.1 | HIGH |
| CSRF in Auth0 ad-ldap-connector | CVE-2020-15259 | Auth0 | Ad-ldap-connector | 8.1 | HIGH |
| Regression in JWT Signature Validation | CVE-2020-15240 | Auth0 | Omniauth-auth0 | 7.4 | HIGH |
| DOM-based XSS in auth0-lock | CVE-2020-15119 | Auth0 | Lock | 6.4 | MEDIUM |
| Authorization header is not sanitized in an error object in auth0 | CVE-2020-15125 | Auth0 | Node-auth0 | 7.7 | HIGH |
| Authorization bypass in express-jwt | CVE-2020-15084 | Auth0 | Express-jwt | 7.7 | HIGH |
| Information disclosure through error object | CVE-2020-5263 | Auth0 | Auth0.js | 5.5 | MEDIUM |
| Cross-Site Scripting Vulnerability in Auth0 Lock | CVE-2019-20174 | Auth0 | Lock | 6.1 | MEDIUM |
| Incorrect Access Control in Auth0 IdentityTokenValidator | CVE-2019-16929 | Auth0 | Auth0.net | 7.5 | HIGH |
| Authentication Bypass in Auth0 Passport-SharePoint by Auth0 | CVE-2019-13483 | Auth0 | Passport-sharepoint | 7.3 | HIGH |
| JWT Signature Leak Vulnerability in Auth0 WCF Service | CVE-2019-7644 | Auth0 | Auth0-wcf-service-jwt | 9.8 | CRITICAL |