Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

auth0 — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting auth0. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Auth0 operates as a cloud-based identity and access management platform, primarily serving developers who require secure authentication and authorization services for web and mobile applications. Its architecture handles sensitive user credentials and session tokens, making it a critical component in modern software ecosystems. Historically, vulnerabilities within its ecosystem have frequently involved cross-site scripting (XSS), broken access control, and security misconfigurations that could lead to privilege escalation or unauthorized data access. With thirty recorded Common Vulnerabilities and Exposures (CVEs), the platform has faced scrutiny regarding its implementation of security controls. While no single catastrophic breach has publicly defined its history, the cumulative nature of these flaws highlights the inherent risks in complex third-party identity providers. Organizations relying on this service must rigorously monitor updates and enforce strict configuration standards to mitigate potential exploitation vectors inherent in its extensive feature set.

Found 7 results / 30Clear Filters
Top products by auth0: nextjs-auth0 auth0-PHP lock passport-wsfed-saml2 node-jsonwebtoken express-openid-connect express-jwt node-auth0 omniauth-auth0 ad-ldap-connector auth0.js Login by Auth0 laravel-auth0 node-jws
CVE IDTitleCVSSSeverityPublished
CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup — nextjs-auth0CWE-863 5.4 Medium2026-04-17
CVE-2025-67716 Auth0 Next.js SDK has Improper Validation of Query Parameters — nextjs-auth0CWE-184 5.7 Medium2025-12-11
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup — nextjs-auth0CWE-863 5.4 Medium2025-12-10
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies — nextjs-auth0CWE-525 6.5AIMediumAI2025-06-04
CVE-2025-46344 Auth0 NextJS SDK v4 Missing Session Invalidation — nextjs-auth0CWE-613 9.1AICriticalAI2025-04-29
CVE-2021-43812 Open redirect in nextjs-auth0 — nextjs-auth0CWE-601 6.4 Medium2021-12-16
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter — nextjs-auth0CWE-79 8.0 High2021-06-25

This page lists every published CVE security advisory associated with auth0. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.