107 matches found
GHSA-GHC5-95C2-VWCV Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - It...
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption
Impact In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - The...
CVE-2026-34236
Auth0-PHP SDK versions 8.0.0–8.18.x encrypt cookies with insufficient entropy, enabling potential brute-forcing of the encryption key and forging session cookies. Impact is session integrity/confidentiality, with high severity (CVSS 3.1: HIGH). The issue is fixed in version 8.19.0. Affected devel...
CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
CVE-2023-49283
microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...
CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...
CVE-2025-14761
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
EUVD-2025-203983
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK...
Auth0-PHP SDK has Improper Audience Validation
Description In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Affected product and versions Projects are affected if they meet the following...
EUVD-2017-16962
Malware in sbrugna...
EUVD-2018-10896
Malware in sbrugna...
EUVD-2023-0558
Malicious code in bioql PyPI...
EUVD-2025-16787
Malicious code in bioql PyPI...
EUVD-2023-3247
Malicious code in bioql PyPI...
EUVD-2025-32043
Malicious code in bioql PyPI...
EUVD-2022-0693
Malicious code in bioql PyPI...
EUVD-2022-3196
Malicious code in bioql PyPI...
GHSA-HJFH-5JMM-XR24 laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import
Overview In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. Am I affected? You are affected by this vulnerability if you meet the...