auth0/auth0-php
Packagist | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting auth0/auth0-php
- CVE-2025-47275 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 8.14.0 | 2025-05-15
vulnerable: 8.0.0 ... 8.9.3 (36 versions)
Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authenticati…
- CVE-2025-48951 | CRITICAL | CVSS 9.3 | EG 0.0 | ✓ Fixed in 8.3.1 | 2025-06-03
vulnerable: 8.0.0 ... 8.3.0 (12 versions)
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior …
- CVE-2025-58769 | LOW | CVSS 3.3 | EG 3.3 | ✓ Fixed in 8.17.0 | 2025-10-01
vulnerable: 3.3.0 ... 8.9.3 (99 versions)
auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validatio…
- CVE-2026-34236 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 8.19.0 | 2026-04-01
vulnerable: 8.0.0 ... 8.9.3 (38 versions)
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat act…