794 matches found
Malicious Package
Overview auth0-lock-webpack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
OAuth Parameter Injection
Auth0 Next.js is vulnerable to OAuth Parameter Injection. The vulnerability is due to insufficient validation of the returnTo parameter, where attacker-controlled input can inject unintended OAuth query parameters into the authorization request, potentially resulting in tokens being issued with...
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
CVE-2019-20174
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder...
CVE-2025-68129
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
CVE-2025-68129
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
CVE-2025-68129
CVSS and description : CVE-2025-68129 relates to improper audience validation in Auth0-PHP, potentially allowing ID tokens to be accepted as access tokens. The issue affects Auth0-PHP versions 8.0.0 through 8.17.0, and applications using dependent SDKs that rely on those Auth0-PHP versions: Symfo...
EUVD-2025-203985
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
EUVD-2025-203982
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency...
GHSA-VVG7-8RMQ-92G7 Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
EUVD-2025-203983
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...
GHSA-F3R2-88MQ-9V4G Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
EUVD-2025-203984
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency...
GHSA-7HH9-GP72-WH7H Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Users are affected if they meet the following...
Auth0-PHP SDK has Improper Audience Validation
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...