Vulnerabilities > Auth0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-23 | CVE-2022-23539 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Auth0 Jsonwebtoken Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. | 8.1 |
| 2022-12-22 | CVE-2022-23540 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | 7.6 |
| 2022-12-22 | CVE-2022-23541 | Unspecified vulnerability in Auth0 Jsonwebtoken jsonwebtoken is an implementation of JSON Web Tokens. | 6.3 |
| 2022-12-13 | CVE-2022-23505 | Unspecified vulnerability in Auth0 Passport-Wsfed-Saml2 Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. | 7.5 |
| 2022-05-05 | CVE-2022-29172 | Cross-site Scripting vulnerability in Auth0 Lock Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. | 6.1 |
| 2022-03-31 | CVE-2022-24794 | Open Redirect vulnerability in Auth0 Express Openid Connect Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. | 5.8 |
| 2021-12-16 | CVE-2021-43812 | Open Redirect vulnerability in Auth0 Nextjs-Auth0 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 5.8 |
| 2021-12-09 | CVE-2021-41246 | Session Fixation vulnerability in Auth0 Express Openid Connect Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. | 6.8 |
| 2021-06-25 | CVE-2021-32702 | Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. | 6.1 |
| 2021-06-04 | CVE-2021-32641 | Cross-site Scripting vulnerability in Auth0 Lock auth0-lock is Auth0's signin solution. | 4.3 |