A

Auth0 Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Auth0 products.

2 known CVE vulnerabilities tracked

Critical
0
High
1
Medium
1
Low
0
None
0

Vulnerabilities By Year

1
2025
1
2026

Products Affected

Auth0-Php 1 Auth0.Js 1

All Auth0 CVEs

Recent Highest Score Oldest
CVE-2026-42280
7.1 high

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Auth0.Js May 27, 2026
CVE-2025-68129
6.8 medium

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they u

Auth0-Php Dec 17, 2025