Skip to main content

Nextjs Auth0

3 CVEs product

Monthly

CVE-2026-40155 npm MEDIUM PATCH GHSA This Month

Authentication bypass in Auth0 Next.js SDK versions 4.12.0 through 4.17.1 allows authenticated users with UI interaction to access sensitive endpoints through improper proxy cache lookups during concurrent nonce retry operations. The vulnerability specifically affects deployments using the proxy handler with DPoP (Demonstration of Proof-of-Possession) enabled, potentially exposing confidential user information via /me/* and /my-org/* endpoints. Vendor-released patch: version 4.18.0.

Authentication Bypass Nextjs Auth0 Auth0
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2021-43812 npm MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-32702 npm MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Authentication bypass in Auth0 Next.js SDK versions 4.12.0 through 4.17.1 allows authenticated users with UI interaction to access sensitive endpoints through improper proxy cache lookups during concurrent nonce retry operations. The vulnerability specifically affects deployments using the proxy handler with DPoP (Demonstration of Proof-of-Possession) enabled, potentially exposing confidential user information via /me/* and /my-org/* endpoints. Vendor-released patch: version 4.18.0.

Authentication Bypass Nextjs Auth0 Auth0
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Nextjs Auth0
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Nextjs Auth0
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy