@golocalinteractive/golocal-cloud-wrapper (>=0.0.101 <=1.3.23), @jatango-ds/abrazo-web (>=0.1.0 <=0.1.2) +10 more potentially affected by CVE-2025-48947 via @auth0/nextjs-auth0 (>=4.12.1 <=4.20.0)

@auth0/nextjs-auth0 NPM version =4.12.1, =0.0.101, =0.1.0, =8.2.3, =1.0.0, =2.4.0, =0.1.0, =1.5.0, =0.0.1, =0.48.0, =1.4.0 Source cves: CVE-2025-48947 Source advisory: OSV:GHSA-F3FG-MF2Q-FJ3F...

@golocalinteractive/golocal-cloud-wrapper (>=0.0.101 <=1.3.23), @jatango-ds/abrazo-web (>=0.1.0 <=0.1.2) +10 more potentially affected by CVE-2025-46344 via @auth0/nextjs-auth0 (>=4.12.1 <=4.20.0)

@auth0/nextjs-auth0 NPM version =4.12.1, =0.0.101, =0.1.0, =8.2.3, =1.0.0, =2.4.0, =0.1.0, =1.5.0, =0.0.1, =0.48.0, =1.4.0 Source cves: CVE-2025-46344 Source advisory: OSV:GHSA-PJR6-JX7R-J4R6...

GHSA-2MQV-4J3R-VJVP Open redirect in @auth0/nextjs-auth0

Overview Versions =1.6.2 Will this update impact my users? The fix provided in the patch will not affect your users...

@perimetre/nextjs-auth (>=0.1.0 <=0.2.1), @zagrajmy/app (>=0.0.1 <=0.1.0-alpha.0) potentially affected by CVE-2021-43812 via @auth0/nextjs-auth0 (>=0.11.0 <=0.16.1)

@auth0/nextjs-auth0 NPM version =0.11.0, =0.1.0, =0.0.1, =0.1.0-alpha.0 Source cves: CVE-2021-43812 Source advisory: OSV:GHSA-2MQV-4J3R-VJVP...

Reflected XSS from the callback handler's error query parameter

Overview Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...

Cross site scripting

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

CVE-2021-32702 Reflected XSS from the callback handler's error query parameter

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...