Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package auth0-js, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-6874 — CVSS 8.8 (high): CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
CVE-2018-7307 — CVSS 8.8 (high): The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
CVE-2017-17068 — CVSS 7.5 (high): A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an…
CVE-2026-42280 — CVSS 7.1 (high): Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may…
CVE-2020-5263 — CVSS 5.5 (medium): auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an…