| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40155 | Auth0 Next.js SDK has Improper Proxy Cache Lookup | auth0 | nextjs-auth0 | Medium | 5.4 | 2026-04-17 20:54:39 | Deep Dive |
| CVE-2026-34236 | Auth0 PHP SDK Insufficient Entropy in Cookie Encryption | auth0 | auth0-PHP | High | 8.2 | 2026-04-01 17:04:53 | Deep Dive |
| CVE-2025-68129 | Auth0-PHP SDK has Improper Audience Validation | auth0 | auth0-PHP | Medium | 6.8 | 2025-12-17 22:07:36 | Deep Dive |
| CVE-2025-67716 | Auth0 Next.js SDK has Improper Validation of Query Parameters | auth0 | nextjs-auth0 | Medium | 5.7 | 2025-12-11 00:21:28 | Deep Dive |
| CVE-2025-67490 | Auth0 Next.js SDK has Improper Request Caching Lookup | auth0 | nextjs-auth0 | Medium | 5.4 | 2025-12-10 22:16:08 | Deep Dive |
| CVE-2025-65945 | auth0/node-jws improper HMAC signature verification vulnerability | auth0 | node-jws | High | 7.5 | 2025-12-04 18:45:38 | Deep Dive |
| CVE-2025-58769 | auth0-PHP: Improper File Type Handling in Bulk User Import | auth0 | laravel-auth0 | Low | 3.3 | 2025-10-01 19:57:06 | Deep Dive |
| CVE-2025-48947 | NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies | auth0 | nextjs-auth0 | - | - | 2025-06-04 20:14:44 | Deep Dive |
| CVE-2025-48951 | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability | auth0 | auth0-PHP | - | - | 2025-06-03 20:52:35 | Deep Dive |
| CVE-2025-47275 | Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK | auth0 | auth0-PHP | Critical | 9.1 | 2025-05-15 21:13:01 | Deep Dive |
| CVE-2025-46573 | passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling | auth0 | passport-wsfed-saml2 | - | - | 2025-05-06 20:22:00 | Deep Dive |
| CVE-2025-46572 | passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping | auth0 | passport-wsfed-saml2 | - | - | 2025-05-06 20:18:26 | Deep Dive |
| CVE-2025-46345 | Auth0 Account Link Extension JWT Invalid Signature Validation | auth0-extensions | auth0-account-link-extension | - | - | 2025-05-01 17:20:24 | Deep Dive |
| CVE-2025-46344 | Auth0 NextJS SDK v4 Missing Session Invalidation | auth0 | nextjs-auth0 | - | - | 2025-04-29 20:43:42 | Deep Dive |
| CVE-2023-6813 | Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle | auth0 | Login by Auth0 | Medium | 6.1 | 2024-07-10 07:36:44 | Deep Dive |
| CVE-2022-23539 | jsonwebtoken unrestricted key type could lead to legacy keys usage | auth0 | node-jsonwebtoken | Medium | 5.9 | 2022-12-22 23:20:48 | Deep Dive |
| CVE-2022-23540 | jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() | auth0 | node-jsonwebtoken | Medium | 6.4 | 2022-12-22 18:02:25 | Deep Dive |
| CVE-2022-23541 | jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC | auth0 | node-jsonwebtoken | Medium | 5.0 | 2022-12-22 17:52:22 | Deep Dive |
| CVE-2022-23505 | Passport-wsfed-saml2 vulnerable to Authentication Bypass for WSFed authentication | auth0 | passport-wsfed-saml2 | Medium | 5.3 | 2022-12-13 07:04:23 | Deep Dive |
| CVE-2022-29172 | HTML injection with additional signup fields | auth0 | lock | Medium | 6.1 | 2022-05-05 22:50:09 | Deep Dive |