> ## Documentation Index
> Fetch the complete documentation index at: https://docs-staging-quickstart-revamp.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Lists Auth0 security bulletins.

# Security Bulletins

Here is a list of Auth0 security bulletins that address security vulnerabilities in Auth0 software. Each bulletin contains a description of the vulnerability, how to identify if you are affected, and what to do to fix it.

<table class="table">
  <thead>
    <tr>
      <th><strong>Date</strong></th>
      <th><strong>Bulletin number</strong></th>
      <th><strong>Title</strong></th>
      <th><strong>Affected software</strong></th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>December 21, 2022</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/2022-12-21-jsonwebtoken">Auth0 Bulletin</a></td>
      <td>Auth0 security bulletin for jsonwebtoken</td>
      <td><a href="https://github.com/auth0/node-jsonwebtoken">node-jsonwebtoken</a></td>
    </tr>

    <tr>
      <td>December 12, 2022</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2022-23505">CVE-2022-23505</a></td>
      <td>Security Update for passport-wsfed-saml2 Library</td>
      <td><a href="https://github.com/auth0/passport-wsfed-saml2">passpord-wsfed-saml2</a></td>
    </tr>

    <tr>
      <td>March 30, 2022</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2022-24794">CVE-2022-24794</a></td>
      <td>Security Update for Express OpenID Connect Library</td>
      <td><a href="https://github.com/auth0/express-openid-connect">express-openid-connect</a></td>
    </tr>

    <tr>
      <td>December 16, 2021</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2021-43812">CVE-2021-43812</a></td>
      <td>Security Update for Next.js Auth0 Library \<=1.6.1</td>
      <td><a href="https://github.com/auth0/nextjs-auth0">nextjs-auth0</a></td>
    </tr>

    <tr>
      <td>December 08, 2021</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2021-41246">CVE-2021-41246</a></td>
      <td>Security Update for Express OpenID Connect >= 2.3.0, \<= 2.5.1</td>
      <td><a href="https://github.com/auth0/express-openid-connect">express-openid-connect</a></td>
    </tr>

    <tr>
      <td>June 23, 2021</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2021-32702">CVE-2021-32702</a></td>
      <td>Security Update for Auth0 Next.js \<= 1.4.1</td>
      <td><a href="https://github.com/auth0/nextjs-auth0">nextjs-auth0</a></td>
    </tr>

    <tr>
      <td>June 4, 2021</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2021-32641">CVE-2021-32641</a></td>
      <td>Security Update for Auth0 Lock \<= 11.30.0</td>
      <td><a href="https://github.com/auth0/lock">Auth0 Lock</a></td>
    </tr>

    <tr>
      <td>November 05, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-15259">CVE-2020-15259</a></td>
      <td>Auth0 Security Bulletin for ad-ldap-connector versions \<= 5.0.12</td>
      <td><a href="https://github.com/auth0/ad-ldap-connector">AD/LDAP Connector</a></td>
    </tr>

    <tr>
      <td>October 21, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-15240">CVE-2020-15240</a></td>
      <td>Security Update for omniauth-auth0 JWT Validation</td>
      <td><a href="https://github.com/auth0/omniauth-auth0">omniauth-auth0</a></td>
    </tr>

    <tr>
      <td>August 16, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-15119">CVE-2020-15119</a></td>
      <td>Security Update for Auth0 Lock \<= 11.25.1</td>
      <td><a href="https://github.com/auth0/lock">Auth0 Lock</a></td>
    </tr>

    <tr>
      <td>July 28, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-15125">CVE-2020-15125</a></td>
      <td>Auth0 Security Bulletin for node-auth0 \<= 2.27.0</td>
      <td><a href="https://github.com/auth0/node-auth0">node-auth0</a></td>
    </tr>

    <tr>
      <td>June 30, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-15084">CVE-2020-15084</a></td>
      <td>Auth0 Security Bulletin for express-jwt versions \< 6.0.0</td>
      <td><a href="https://github.com/auth0/express-jwt">express-jwt</a></td>
    </tr>

    <tr>
      <td>April 09, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2020-5263">CVE-2020-5263</a></td>
      <td>Auth0 Security Bulletin for auth0.js versions \<= 9.13.1</td>
      <td>Auth0.js</td>
    </tr>

    <tr>
      <td>March 31, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/2020-03-31-wpauth0">Auth0 Bulletin</a></td>
      <td>Auth0 Security Bulletin for WordPress Plugin for Auth0 versions \< 4.0.0</td>
      <td>WordPress Plugin for Auth0</td>
    </tr>

    <tr>
      <td>January 31, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2019-20173">CVE-2019-20173</a></td>
      <td>Auth0 Security Bulletin for WordPress Plugin for Auth0 versions 3.11.0, 3.11.1 and 3.11.2</td>
      <td>WordPress Plugin for Auth0</td>
    </tr>

    <tr>
      <td>January 30, 2020</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2019-20174">CVE-2019-20174</a></td>
      <td>Auth0 Security Bulletin for Auth0 Lock \< 11.21.0</td>
      <td>Auth0 Lock</td>
    </tr>

    <tr>
      <td>October 04, 2019</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2019-16929">CVE-2019-16929</a></td>
      <td>Auth0 Security Bulletin for auth0.net between versions 5.8.0 and 6.5.3 inclusive</td>
      <td>auth0.net</td>
    </tr>

    <tr>
      <td>September 05, 2019</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/2019-09-05-scopes">Auth0 bulletin</a></td>
      <td>Auth0 Security Bulletin for assigning scopes based on email address</td>
      <td>Custom code within Auth0 rules</td>
    </tr>

    <tr>
      <td>July 23, 2019</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2019-13483">CVE-2019-13483</a></td>
      <td>Security Bulletin for Passport-SharePoint \< 0.4.0</td>
      <td>Passport-SharePoint</td>
    </tr>

    <tr>
      <td>February 15, 2019</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2019-7644">CVE-2019-7644</a></td>
      <td>Security Bulletin for Auth0-WCF-Service-JWT \< 1.0.4</td>
      <td>Auth0-WCF-Service-JWT</td>
    </tr>

    <tr>
      <td>January 10, 2019</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/2019-01-10-rules">Auth0 bulletin</a></td>
      <td>Auth0 Security Bulletin for Vulnerable Patterns in Custom Rule Code</td>
      <td>Custom code within Auth0 Rules</td>
    </tr>

    <tr>
      <td>August 6, 2018</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2018-15121">CVE-2018-15121</a></td>
      <td>Security vulnerability in deprecated Auth0 middleware for ASP.NET</td>
      <td>auth0-aspnet, auth0-aspnet-owin</td>
    </tr>

    <tr>
      <td>June 5, 2018</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2018-11537">CVE-2018-11537</a></td>
      <td>Security update for angular-jwt allowlist bypass</td>
      <td>angular-jwt</td>
    </tr>

    <tr>
      <td>April 4, 2018</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2018-6874">CVE-2018-6874</a></td>
      <td>Security vulnerability for Auth0 authentication service</td>
      <td>Auth0 Authentication Service</td>
    </tr>

    <tr>
      <td>April 4, 2018</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2018-6873">CVE 2018-6873</a></td>
      <td>Security vulnerability for Auth0 authentication service</td>
      <td>Auth0 Authentication Service</td>
    </tr>

    <tr>
      <td>February 26, 2018</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2018-7307">CVE 2018-7307</a></td>
      <td>Security vulnerability for auth0.js \< 9.3</td>
      <td>Auth0.js</td>
    </tr>

    <tr>
      <td>December 22, 2017</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2017-16897">CVE 2017-16897</a></td>
      <td>Security update for passport-wsfed-saml2 Passport strategy library</td>
      <td>passport-wsfed-saml2 Passport strategy library</td>
    </tr>

    <tr>
      <td>December 4, 2017</td>
      <td><a href="/docs/secure/security-guidance/security-bulletins/cve-2017-17068">CVE 2017-17068</a></td>
      <td>Security update for auth0.js popup callback vulnerability</td>
      <td>Auth0.js</td>
    </tr>
  </tbody>
</table>
