CVE-2026-42280
The CVE reports an issue in auth0-js where versions 8.11.0–9.32.0 may improperly return user profile information when a valid access token is used with a crafted invalid ID token, in scenarios where access control relies on Auth0 Actions. Root cause: improper validation in the Auth0.js SDK. Impac...
CVE-2026-42280 Improper Permission Checking in Auth.js SDK
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...
Auth0-PHP Security Feature Issue Vulnerability
Auth0-PHP is an open-source PHP SDK developed by Auth0 for authentication and management of APIs using Auth0. Versions of Auth0-PHP from 8.0.0 to 8.19.0 had security vulnerabilities. These vulnerabilities stemmed from the use of encryption methods with insufficient entropy when handling cookies...
CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
EUVD-2025-203982
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency...
GHSA-VVG7-8RMQ-92G7 Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Projects are affected if they meet the following...
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Description: In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions: Projects are affected if they meet the following...
GHSA-MR6F-H57V-RPJ5 Improper Validation of Query Parameters in Auth0 Next.js SDK
Description: An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. Am I Affected? You a...
EUVD-2018-0187
Malware in sbrugna...
EUVD-2017-0359
Malware in sbrugna...
MAL-2025-15093 Malicious code in auth0-mcp-server (npm)
The package auth0-mcp-server was found to contain malicious code...
Auth0 auth0.js library cross-site request forgery vulnerability
The Auth0 auth0.js library is a tool library for the Auth0 development platform, from the US company Auth0. A cross-site request forgery vulnerability exists in versions of the Auth0 auth0.js library prior to 9.3, which stems from the program failing to properly handle the absence of the 'state'...