VYPR

Auth0 PHP

by Auth0

Source repositories

CVEs (3)

  • CVE-2025-48951CriJun 3, 2025
    risk 0.53cvss epss 0.01

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could…

  • CVE-2025-47275CriMay 15, 2025
    risk 0.52cvss 9.1epss 0.00

    Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK configured with CookieStore have authentication tags that can be brute forced, which…

  • CVE-2026-34236HigApr 1, 2026
    risk 0.46cvss 8.2epss 0.00

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and…