| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-24794 | Open Redirect in express-openid-connect | auth0 | express-openid-connect | High | 7.5 | 2022-03-31 22:45:14 | Deep Dive |
| CVE-2021-43812 | Open redirect in nextjs-auth0 | auth0 | nextjs-auth0 | Medium | 6.4 | 2021-12-16 18:20:12 | Deep Dive |
| CVE-2021-41246 | Session fixation in express-openid-connect | auth0 | express-openid-connect | Medium | 4.6 | 2021-12-09 15:55:10 | Deep Dive |
| CVE-2021-32702 | Reflected XSS from the callback handler's error query parameter | auth0 | nextjs-auth0 | High | 8.0 | 2021-06-25 16:25:11 | Deep Dive |
| CVE-2021-32641 | Reflected XSS when using flashMessages | auth0 | lock | High | 8.1 | 2021-06-04 21:10:11 | Deep Dive |
| CVE-2020-15259 | CSRF in Auth0 ad-ldap-connector | auth0 | ad-ldap-connector | High | 8.1 | 2020-11-06 19:35:15 | Deep Dive |
| CVE-2020-15240 | Regression in JWT Signature Validation | auth0 | omniauth-auth0 | High | 7.4 | 2020-10-21 17:25:14 | Deep Dive |
| CVE-2020-15119 | DOM-based XSS in auth0-lock | auth0 | lock | Medium | 6.4 | 2020-08-19 21:20:11 | Deep Dive |
| CVE-2020-15125 | Authorization header is not sanitized in an error object in auth0 | auth0 | node-auth0 | High | 7.7 | 2020-07-29 16:25:15 | Deep Dive |
| CVE-2020-15084 | Authorization bypass in express-jwt | auth0 | express-jwt | High | 7.7 | 2020-06-30 16:10:12 | Deep Dive |
| CVE-2020-5263 | Information disclosure through error object | auth0 | auth0.js | Medium | 5.5 | 2020-04-09 15:50:12 | Deep Dive |