Auth0 Security Bulletins

List of bulletins addressing security vulnerabilities in Auth0 software.

This page contains a list of all the published security vulnerabilities of Auth0 software.

Each bulletin contains a description of the vulnerability, how to identify if you are affected, and what to do to fix it.

Bulletins

Date Bulletin number Title Affected software
June 5, 2018 CVE-2018-11537 Security update for angular-jwt whitelist bypass angular-jwt
April 4, 2018 CVE 2018-6874 Security vulnerability for Auth0 authentication service Auth0 Authentication Service
April 4, 2018 CVE 2018-6873 Security vulnerability for Auth0 authentication service Auth0 Authentication Service
February 26, 2018 CVE 2018-7307 Security vulnerability for auth0.js < 9.3 Auth0.js
December 22, 2017 CVE 2017-16897 Security update for passport-wsfed-saml2 Passport strategy library passport-wsfed-saml2 Passport strategy library
December 4, 2017 CVE 2017-17068 Security update for auth0.js popup callback vulnerability Auth0.js