Vendor scorecard
Auth0
Auth0 security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: auth0
Product families
1
Open in latest
3
Inferred — see methodology
Last disclosure
May 27, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Identity PlatformIdentity & Access Managementauth0.js, jsonwebtoken, angular-jwt… | 1 | 3 | 0.4.0LOW |
02
Recent CVEs
1 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-42280(opens NVD record) | High | 7.1 | Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0. | May 27, 2026 |
1 CVEs · 1 product families