Security Advisories - auth0/auth0-php - Packagist

auth0/auth0-php Security Advisories for 8.0.2 (3)

[LOW] auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import

PKSA-r19n-r8k1-m54h CVE-2025-58769 GHSA-9mh6-g99m-ppcw

Affected version: >=3.3.0,<=8.16.0

Reported by:
GitHub
[CRITICAL] Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

PKSA-sk32-hw5b-mdyw CVE-2025-48951 GHSA-v9m8-9xxp-q492

Affected version: >=8.0.0-BETA3,<8.3.1

Reported by:
GitHub
[CRITICAL] Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

PKSA-w6j7-c1kq-w6yb CVE-2025-47275 GHSA-g98g-r7gf-2r25

Affected version: >=8.0.0-BETA1,<8.14.0

Reported by:
GitHub