Identity & Access Management · head-to-head
Auth0 vs Ping Identity
On-prem IAM/IGA/PAM/MFA: directories, federation, privileged access, SSO. Counts are scoped to this segment and the selected published-date window. Ping Identity carries 4.3× the disclosed CVE volume of Auth0. Volume reflects disclosure practice and install base as much as code quality — read it with the severity mix. Sourced from the NIST NVD; lower counts indicate a smaller disclosed vulnerability surface — not necessarily lower risk.
Disclosure record
Bars are normalized per row to the larger value; the leading count is emphasized.
| Auth0 | Metric | Ping Identity | ||
|---|---|---|---|---|
| 4 | Total CVEs | 17 | ||
| 0 | Critical | 1 | ||
| 1 | High | 6 | ||
| 3 | Medium | 8 | ||
| 0 | Low | 2 | ||
| 3 | Open in latest | 9 |
Risk profile
Each severity band as a share of the vendor's own total — strips out raw volume so the profiles compare directly.
Auth0
0.0% critical- Critical
- 00.0%
- High
- 125.0%
- Medium
- 375.0%
- Low
- 00.0%
Ping Identity
5.9% critical- Critical
- 15.9%
- High
- 635.3%
- Medium
- 847.1%
- Low
- 211.8%
Recent activity
Latest in-window disclosures per vendor, newest first. Each ID links to its NVD record.
Auth0
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2026-42280(opens NVD record) | High | 7.1 | May 27, 2026 |
| CVE-2022-23539(opens NVD record) | Medium | 5.9 | Dec 23, 2022 |
| CVE-2022-23540(opens NVD record) | Medium | 6.4 | Dec 22, 2022 |
| CVE-2022-23541(opens NVD record) | Medium | 5.0 | Dec 22, 2022 |
Ping Identity
| CVE | Severity | CVSS | Published |
|---|---|---|---|
| CVE-2024-22477(opens NVD record) | Low | 1.8 | Jul 9, 2024 |
| CVE-2024-22377(opens NVD record) | Medium | 5.3 | Jul 9, 2024 |
| CVE-2023-40545(opens NVD record) | High | 8.8 | Feb 6, 2024 |
| CVE-2023-36496(opens NVD record) | High | 7.7 | Feb 1, 2024 |
| CVE-2023-39219(opens NVD record) | High | 7.5 | Oct 25, 2023 |
| CVE-2023-37283(opens NVD record) | High | 8.1 | Oct 25, 2023 |
Track new CVEs for these vendors
Get an email the moment a new vulnerability is disclosed for the products you rely on.