Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/auth0-js@10.0.0
purl pkg:npm/auth0-js@10.0.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-wn11-8xkr-tffb Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0. CVE-2026-42280
GHSA-8qjv-jj2q-x832

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T07:52:00.954468+00:00 GithubOSV Importer Fixing VCID-wn11-8xkr-tffb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-8qjv-jj2q-x832/GHSA-8qjv-jj2q-x832.json 38.6.0