7 matches found
MAL-2026-5999 Malicious code in @mastra/auth-auth0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0fbe96c59a0cfac17ddbee22541fc2ba13a1ef82c91d75bc4b202c66aec4e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-178255
Malicious code in json-protractor-nestjs-auth0 npm...
MAL-2025-186876 Malicious code in event-husky-tachyon-auth0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 47d6d40bbd46796ffe0433b9e3e0fd88b76fb46ceb7a4973ff526bea29bf1b9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113734
Malicious code in express-fetch-build-auth0 npm...
EUVD-2025-116901
Malicious code in achernar-magellan-server-auth0 npm...
CVE-2020-15125
In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...
CVE-2020-15125
In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...