Product: auth0 auth0.js
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-42280
Affected versions: >= 8.11.0 and < 10.0.0
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may

CVE-2020-15125
Affected versions: < 2.27.1
In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contai

CVE-2020-5263
Affected versions: >= 8.0.0 and <= 9.13.1
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authe

CVE-2018-6874
Affected versions: <= 8.12.1
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.

CVE-2018-6873
Affected versions: <= 8.10.1
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.

CVE-2018-7307
Affected versions: < 9.3
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state par

CVE-2017-17068
Affected versions: < 8.12
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allow