auth0

Security Risk Profile

/100

medium

Security Risk Score

Comprehensive risk assessment based on 46 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from December 6, 2017 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

7.6

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

50/100

medium

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

XSS

CSRF

Input Validation

Race Condition

Path Traversal

Most Affected Products

1. Auth0 Nextjs-auth0 Node.js7

2. npm/@auth0/nextjs-auth06

3. IBM Cognos Analytics6

4. Auth0 auth0.js6

5. composer/auth0/auth0-php5

Recent Vulnerabilities

See more →

CVE-2026-42280

CVSS 7.1high

Improper Permission Checking in Auth.js SDK

5/6/2026

CVE-2026-40155

CVSS 5.4medium

Auth0 Next.js SDK has Improper Proxy Cache Lookup

4/17/2026

CVE-2026-34236

CVSS 9.8critical

Auth0 PHP SDK Insufficient Entropy in Cookie Encryption

4/1/2026

CVE-2025-68129

CVSS 7.5high

Auth0-PHP SDK has Improper Audience Validation

12/17/2025

CVE-2025-67716

CVSS 5.7medium

Auth0 Next.js SDK has Improper Validation of Query Parameters

12/10/2025

CVE-2025-67490

CVSS 5.4medium

Auth0 Next.js SDK has Improper Request Caching Lookup

12/10/2025

CVE-2025-65945

CVSS 7.5high

auth0/node-jws improper HMAC signature verification vulnerability

12/4/2025

CVE-2025-58769

CVSS 3.3low

auth0-PHP: Improper File Type Handling in Bulk User Import

10/1/2025

CVE-2025-48947

CVSS 7.7EPSS 0%high

NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies

6/4/2025

CVE-2025-48951

CVSS 9.3EPSS 0%critical

Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

6/3/2025

Monitor auth0 in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo