Vulnerabilities > Auth0

DATE CVE VULNERABILITY TITLE RISK
2022-12-23 CVE-2022-23539 Unspecified vulnerability in Auth0 Jsonwebtoken
Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification.
network
low complexity
auth0
8.1
2022-12-22 CVE-2022-23540 Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken
In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification.
network
low complexity
auth0 CWE-347
7.6
2022-12-22 CVE-2022-23541 Unspecified vulnerability in Auth0 Jsonwebtoken
jsonwebtoken is an implementation of JSON Web Tokens.
network
low complexity
auth0
6.3
2022-12-13 CVE-2022-23505 Unspecified vulnerability in Auth0 Passport-Wsfed-Saml2
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport.
network
low complexity
auth0
7.5
2022-05-05 CVE-2022-29172 Unspecified vulnerability in Auth0 Lock
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce.
network
low complexity
auth0
6.1
2022-03-31 CVE-2022-24794 Unspecified vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
low complexity
auth0
6.1
2021-12-16 CVE-2021-43812 Unspecified vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
low complexity
auth0
6.1
2021-12-09 CVE-2021-41246 Unspecified vulnerability in Auth0 Express Openid Connect
Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect.
network
low complexity
auth0
8.8
2021-06-25 CVE-2021-32702 Cross-site Scripting vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
low complexity
auth0 CWE-79
6.1
2021-06-04 CVE-2021-32641 Unspecified vulnerability in Auth0 Lock
auth0-lock is Auth0's signin solution.
network
low complexity
auth0
6.1