VulnerableCode Package Details - pkg:npm/auth0-js@9.10.3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/auth0-js@9.10.3

Essentials
History (2)

purl	pkg:npm/auth0-js@9.10.3

Next non-vulnerable version	10.0.0
Latest non-vulnerable version	10.0.0
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-bpqc-ngfh-qqah Aliases: CVE-2020-5263 GHSA-prfq-f66g-43mp	Information disclosure through error object in auth0.js	9.13.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wn11-8xkr-tffb Aliases: CVE-2026-42280 GHSA-8qjv-jj2q-x832	Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.	10.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T22:21:44.831746+00:00	GitLab Importer	Affected by	VCID-wn11-8xkr-tffb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2026-42280.yml	38.6.0
2026-06-12T17:19:46.547104+00:00	GitLab Importer	Affected by	VCID-bpqc-ngfh-qqah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-js/CVE-2020-5263.yml	38.6.0