Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/auth0-js@5.0.1
purl pkg:npm/auth0-js@5.0.1
Next non-vulnerable version 9.13.2
Latest non-vulnerable version 10.0.0
Risk
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-4rc4-ws47-bkfh
Aliases:
CVE-2018-6874
GHSA-wv26-rj8c-4r33
Cross-Site Request Forgery (CSRF) in Auth0
8.12.2
Affected by 2 other vulnerabilities.
9.0.0
Affected by 2 other vulnerabilities.
VCID-euvt-w914-n3gj
Aliases:
CVE-2018-7307
GHSA-wpq7-q8j4-72jg
Auth0-js bypasses CSRF checks
9.3.0
Affected by 1 other vulnerability.
VCID-g2s7-b2dg-hqff
Aliases:
CVE-2017-17068
GHSA-3rpr-mg43-xhq4
auth0-js Privilege Escalation Vulnerability
8.12.0
Affected by 3 other vulnerabilities.
VCID-hgxn-hmpf-j3gh
Aliases:
CVE-2018-6873
8.11.0
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T16:58:34.905303+00:00 GitLab Importer Affected by VCID-hgxn-hmpf-j3gh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2018-6873.yml 38.6.0
2026-06-12T16:58:32.865902+00:00 GitLab Importer Affected by VCID-4rc4-ws47-bkfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2018-6874.yml 38.6.0
2026-06-12T16:58:00.628273+00:00 GitLab Importer Affected by VCID-euvt-w914-n3gj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2018-7307.yml 38.6.0
2026-06-12T16:56:22.715100+00:00 GitLab Importer Affected by VCID-g2s7-b2dg-hqff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2017-17068.yml 38.6.0