Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/214762?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/214762?format=api", "purl": "pkg:npm/auth0-js@1.6.3", "type": "npm", "namespace": "", "name": "auth0-js", "version": "1.6.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.0.0", "latest_non_vulnerable_version": "10.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39538?format=api", "vulnerability_id": "VCID-3jcm-6tna-e7b8", "summary": "Improper Authentication\nThe Auth0 authentication service allows privilege escalation because the JWT audience field is not validated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04363", "scoring_system": "epss", "scoring_elements": "0.89139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04363", "scoring_system": "epss", "scoring_elements": "0.89155", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04363", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6873" }, { "reference_url": "http://www.securityfocus.com/bid/103695", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103695" }, { "reference_url": "https://auth0.com/docs/security/bulletins/cve-2018-6873", "reference_id": "CVE-2018-6873", "reference_type": "", "scores": [], "url": "https://auth0.com/docs/security/bulletins/cve-2018-6873" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6873", "reference_id": "CVE-2018-6873", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6873" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55323?format=api", "purl": "pkg:npm/auth0-js@8.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-53ug-2gch-bqhr" }, { "vulnerability": "VCID-cfu4-873a-rbgv" }, { "vulnerability": "VCID-edhw-mrxm-u3hy" }, { "vulnerability": "VCID-mwey-ne6v-bkea" }, { "vulnerability": "VCID-us7k-vw3e-x7f3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@8.11.0" } ], "aliases": [ "CVE-2018-6873" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jcm-6tna-e7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39199?format=api", "vulnerability_id": "VCID-53ug-2gch-bqhr", "summary": "Information Exposure\nA cross-origin vulnerability has been discovered in auth0. This vulnerability allows an attacker to acquire authenticated user tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with `auth0.popup.callback().`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56144", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56115", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56132", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.56138", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17068" }, { "reference_url": "https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068" }, { "reference_url": "https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/" }, { "reference_url": "https://github.com/advisories/GHSA-3rpr-mg43-xhq4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3rpr-mg43-xhq4" }, { "reference_url": "https://auth0.com/docs/security/bulletins/cve-2017-17068", "reference_id": "CVE-2017-17068", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://auth0.com/docs/security/bulletins/cve-2017-17068" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17068", "reference_id": "CVE-2017-17068", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54751?format=api", "purl": "pkg:npm/auth0-js@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cfu4-873a-rbgv" }, { "vulnerability": "VCID-edhw-mrxm-u3hy" }, { "vulnerability": "VCID-mwey-ne6v-bkea" }, { "vulnerability": "VCID-us7k-vw3e-x7f3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@8.12.0" } ], "aliases": [ "CVE-2017-17068", "GHSA-3rpr-mg43-xhq4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53ug-2gch-bqhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39462?format=api", "vulnerability_id": "VCID-cfu4-873a-rbgv", "summary": "Cross-Site Request Forgery (CSRF)\nThe Auth0 Authjs library has CSRF because it mishandles the case where the authorization response lacks the state parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.4231", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42359", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42371", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42344", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7307" }, { "reference_url": "https://github.com/advisories/GHSA-wpq7-q8j4-72jg", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpq7-q8j4-72jg" }, { "reference_url": "https://auth0.com/docs/security/bulletins/cve-2018-7307", "reference_id": "CVE-2018-7307", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://auth0.com/docs/security/bulletins/cve-2018-7307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7307", "reference_id": "CVE-2018-7307", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7307" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55126?format=api", "purl": "pkg:npm/auth0-js@9.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mwey-ne6v-bkea" }, { "vulnerability": "VCID-us7k-vw3e-x7f3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@9.3.0" } ], "aliases": [ "CVE-2018-7307", "GHSA-wpq7-q8j4-72jg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfu4-873a-rbgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39534?format=api", "vulnerability_id": "VCID-edhw-mrxm-u3hy", "summary": "Cross-Site Request Forgery (CSRF)\nCSRF exists in the Auth0 authentication service when the Legacy Lock API flag is enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38281", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38315", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38369", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38344", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38372", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6874" }, { "reference_url": "https://github.com/advisories/GHSA-wv26-rj8c-4r33", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wv26-rj8c-4r33" }, { "reference_url": "http://www.securityfocus.com/bid/103695", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/103695" }, { "reference_url": "https://auth0.com/docs/security/bulletins/cve-2018-6874", "reference_id": "CVE-2018-6874", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://auth0.com/docs/security/bulletins/cve-2018-6874" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6874", "reference_id": "CVE-2018-6874", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6874" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55316?format=api", "purl": "pkg:npm/auth0-js@8.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cfu4-873a-rbgv" }, { "vulnerability": "VCID-edhw-mrxm-u3hy" }, { "vulnerability": "VCID-mwey-ne6v-bkea" }, { "vulnerability": "VCID-us7k-vw3e-x7f3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@8.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/143744?format=api", "purl": "pkg:npm/auth0-js@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cfu4-873a-rbgv" }, { "vulnerability": "VCID-mwey-ne6v-bkea" }, { "vulnerability": "VCID-us7k-vw3e-x7f3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@9.0.0" } ], "aliases": [ "CVE-2018-6874", "GHSA-wv26-rj8c-4r33" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edhw-mrxm-u3hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52842?format=api", "vulnerability_id": "VCID-pjum-jypu-ake2", "summary": "Information Exposure Through an Error Message\nIn auth0 (npm package), a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. and you are using a Machine to Machine application authorized to use Auth0's management API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54364", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5434", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54373", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54307", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15125" }, { "reference_url": "https://github.com/auth0/node-auth0/pull/507", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/auth0/node-auth0/pull/507" }, { "reference_url": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c" }, { "reference_url": "https://github.com/auth0/node-auth0/tree/v2.27.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/auth0/node-auth0/tree/v2.27.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15125", "reference_id": "CVE-2020-15125", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15125" }, { "reference_url": "https://github.com/advisories/GHSA-5jpf-pj32-xx53", "reference_id": "GHSA-5jpf-pj32-xx53", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jpf-pj32-xx53" }, { "reference_url": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53", "reference_id": "GHSA-5jpf-pj32-xx53", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77750?format=api", "purl": "pkg:npm/auth0-js@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3jcm-6tna-e7b8" }, { "vulnerability": "VCID-53ug-2gch-bqhr" }, { "vulnerability": "VCID-cfu4-873a-rbgv" }, { "vulnerability": "VCID-edhw-mrxm-u3hy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@3.0.0" } ], "aliases": [ "CVE-2020-15125", "GHSA-5jpf-pj32-xx53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjum-jypu-ake2" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/auth0-js@1.6.3" }