EUVD-2020-1445
Malware in sbrugna...
EUVD-2023-1724
Malicious code in bioql PyPI...
EUVD-2025-16914
Malicious code in bioql PyPI...
EUVD-2024-2447
Malicious code in bioql PyPI...
EUVD-2022-5377
Malicious code in bioql PyPI...
Auth0-PHP Security Vulnerability
Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 3.3.0 through 8.16.0, which stems from an unvalidated file path wrapper or value that could lead to the acceptance of arbitrary file paths or URLs...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
PT-2025-23673 · Auth0 · Auth0/Wordpress +3
Name of the Vulnerable Software and Affected Versions: Auth0-PHP versions 8.0.0-BETA3 through 8.14.0 Description: The issue is due to insecure deserialization of cookie data. If exploited, a threat actor could send a specially crafted cookie containing malicious serialized data, as the SDK...
CVE-2022-29172
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
CVE-2021-32641
auth0-lock is Auth0's sign-in solution. Versions of auth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...
Authentication Bypass
auth0/auth0-php is vulnerable to Authentication Bypass. The vulnerability is due to weak authentication tag protection: session cookies configured with CookieStore are susceptible to brute-force attacks, potentially allowing unauthorized access...
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Overview Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. Am I Affected? You are affected by this vulnerability if you meet the following pre-conditions: 1...
GHSA-VM2P-F5J4-MJ6G Auth0 angular-jwt misinterprets allowlist as regex
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...
CVE-2022-29172 HTML injection with additional signup fields
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before 11.33.0, when the “additional signup fields” feature is configured, a malicious actor can inject invalidated HTML code...
@architect-io/cli (>=0.3.13 <=0.5.2-rc.7), @mishguru/logview-cli (>=4.0.0 <=4.6.0) +8 more potentially affected by CVE-2020-15125 via auth0 (>=0.8.5 <=2.25.1)
auth0 NPM version =0.8.5, =0.3.13, =4.0.0, =0.0.34, =3.1.0, =0.0.0, =0.1.0, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2020-15125 Source advisory: OSV:GHSA-5JPF-PJ32-XX53...
Privilege Escalation
Auth0 is vulnerable to privilege escalation. A lack of the JWT token and signature validation in the parseHash method allows a remote attacker to authenticate as another user with higher privileges...