Vulnerabilities > Auth0 > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-06-30 CVE-2020-15084 Incorrect Authorization vulnerability in Auth0 Express-Jwt
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced.
network
low complexity
auth0 CWE-863
critical
9.1
2017-12-27 CVE-2017-16897 Authentication Bypass by Spoofing vulnerability in Auth0 Passport-Wsfed-Saml2
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5.
network
auth0 CWE-290
critical
9.3