All 7 CVE vulnerabilities found in nextjs-auth0, with AI-generated Chinese analysis, references, and POCs.
Vendor: auth0
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2026-40155 | Auth0 Next.js SDK has Improper Proxy Cache Lookup CWE-863 | 5.4 | Medium | 2026-04-17 |
| CVE-2025-67716 | Auth0 Next.js SDK has Improper Validation of Query Parameters CWE-184 | 5.7 | Medium | 2025-12-11 |
| CVE-2025-67490 | Auth0 Next.js SDK has Improper Request Caching Lookup CWE-863 | 5.4 | Medium | 2025-12-10 |
| CVE-2025-48947 | NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies CWE-525 | 6.5AI | MediumAI | 2025-06-04 |
| CVE-2025-46344 | Auth0 NextJS SDK v4 Missing Session Invalidation CWE-613 | 9.1AI | CriticalAI | 2025-04-29 |
| CVE-2021-43812 | Open redirect in nextjs-auth0 CWE-601 | 6.4 | Medium | 2021-12-16 |
| CVE-2021-32702 | Reflected XSS from the callback handler's error query parameter CWE-79 | 8.0 | High | 2021-06-25 |
All 7 known CVE vulnerabilities affecting nextjs-auth0 with full Chinese analysis, references, and POCs where available.