Vulnerabilities > Auth0 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-30 | CVE-2020-15084 | Incorrect Authorization vulnerability in Auth0 Express-Jwt In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. | 9.1 |
| 2017-12-27 | CVE-2017-16897 | Authentication Bypass by Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2 A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. | 9.3 |