VulnerableCode Package Details - pkg:npm/auth0-js@8.12.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/auth0-js@8.12.0

Essentials
History (7)

purl	pkg:npm/auth0-js@8.12.0

Next non-vulnerable version	10.0.0
Latest non-vulnerable version	10.0.0
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-4rc4-ws47-bkfh Aliases: CVE-2018-6874 GHSA-wv26-rj8c-4r33	Cross-Site Request Forgery (CSRF) in Auth0	8.12.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.0.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bpqc-ngfh-qqah Aliases: CVE-2020-5263 GHSA-prfq-f66g-43mp	Information disclosure through error object in auth0.js	9.13.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-euvt-w914-n3gj Aliases: CVE-2018-7307 GHSA-wpq7-q8j4-72jg	Auth0-js bypasses CSRF checks	9.3.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wn11-8xkr-tffb Aliases: CVE-2026-42280 GHSA-8qjv-jj2q-x832	Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.	10.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-g2s7-b2dg-hqff	auth0-js Privilege Escalation Vulnerability	CVE-2017-17068 GHSA-3rpr-mg43-xhq4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T22:21:44.625308+00:00	GitLab Importer	Affected by	VCID-wn11-8xkr-tffb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2026-42280.yml	38.6.0
2026-06-12T17:19:46.318873+00:00	GitLab Importer	Affected by	VCID-bpqc-ngfh-qqah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2020-5263.yml	38.6.0
2026-06-12T16:58:33.209983+00:00	GitLab Importer	Affected by	VCID-4rc4-ws47-bkfh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2018-6874.yml	38.6.0
2026-06-12T16:58:00.966418+00:00	GitLab Importer	Affected by	VCID-euvt-w914-n3gj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2018-7307.yml	38.6.0
2026-06-12T15:40:13.733510+00:00	GitLab Importer	Fixing	VCID-g2s7-b2dg-hqff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2017-17068.yml	38.6.0
2026-06-12T07:52:20.560407+00:00	GithubOSV Importer	Fixing	VCID-g2s7-b2dg-hqff	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/12/GHSA-3rpr-mg43-xhq4/GHSA-3rpr-mg43-xhq4.json	38.6.0
2026-06-11T20:23:57.621869+00:00	GHSA Importer	Fixing	VCID-g2s7-b2dg-hqff	https://github.com/advisories/GHSA-3rpr-mg43-xhq4	38.6.0