Search for packages
| purl | pkg:npm/auth0-lock@7.14.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2r6q-ehzz-6yb4
Aliases: CVE-2020-15119 GHSA-6gg3-pmm7-97xc |
Cross-site Scripting In auth0-lock `dangerouslySetInnerHTML` is used to update the DOM. When `dangerouslySetInnerHTML` is used, the application and its users might be exposed to cross-site scripting (XSS) attacks. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-k3m2-21vz-x7cw
Aliases: CVE-2019-20174 GHSA-w2pf-g6r8-pg22 |
Cross-site Scripting Auth0 Lock allows XSS when `additionalSignUpFields` is used with an untrusted placeholder. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:34:19.949619+00:00 | GitLab Importer | Affected by | VCID-2r6q-ehzz-6yb4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-lock/CVE-2020-15119.yml | 38.6.0 |
| 2026-06-04T20:26:56.828007+00:00 | GitLab Importer | Affected by | VCID-k3m2-21vz-x7cw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/auth0-lock/CVE-2019-20174.yml | 38.6.0 |