794 matches found
Improper Validation of Query Parameters in Auth0 Next.js SDK
Description An input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters Am I Affected? You a...
Incorrect Authorization
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization via improper lookups in TokenRequestCache. An attacker can access sensitive information belonging to other users by making simultaneous requests on t...
GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK
Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
PT-2025-50552
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
nextjs-auth0 安全漏洞
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...
CVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
CVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
GHSA-869P-CJFG-CM3X auth0/node-jws Improperly Verifies HMAC Signature
Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...
auth0/node-jws Improperly Verifies HMAC Signature
Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementatio...
PT-2025-49117
Name of the Vulnerable Software and Affected Versions auth0/node-jws versions 3.2.2 and earlier auth0/node-jws version 4.0.0 Description auth0/node-jws is a JSON Web Signature implementation for Node.js. A flaw exists in signature verification when using the HS256 algorithm under specific...
EUVD-2025-175691
Malicious code in vortex-auth0-string-holography npm...
EUVD-2025-177685
Malicious code in nebula-build-auth0-mui npm...
EUVD-2025-176266
Malicious code in spectron-markdown-avior-auth0 npm...
MAL-2025-189609 Malicious code in spectron-markdown-avior-auth0 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cda5fccf9c493a775930450c26b7389eb9ec4a139fc1f065b0c0e777ab3772d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175772
Malicious code in ursa-auth0-delphinus-nodejs npm...
EUVD-2025-180226
Malicious code in auth0-andromeda-heka-cross-env npm...
EUVD-2025-176681
Malicious code in resolvers-auth0-version-charon npm...
EUVD-2025-180222
Malicious code in auth0-scripts-slides-build npm...