> ## Documentation Index > Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. > Lists Auth0 security bulletins. # Security Bulletins Here is a list of Auth0 security bulletins that address security vulnerabilities in Auth0 software. Each bulletin contains a description of the vulnerability, how to identify if you are affected, and what to do to fix it. | Date | Bulletin number | Title | Affected software | | ------------------ | ------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- | | December 21, 2022 | [Auth0 Bulletin](/docs/secure/security-guidance/security-bulletins/2022-12-21-jsonwebtoken) | Auth0 security bulletin for jsonwebtoken | [node-jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | | December 12, 2022 | [CVE-2022-23505](/docs/secure/security-guidance/security-bulletins/cve-2022-23505) | Security Update for passport-wsfed-saml2 Library | [passpord-wsfed-saml2](https://github.com/auth0/passport-wsfed-saml2) | | March 30, 2022 | [CVE-2022-24794](/docs/secure/security-guidance/security-bulletins/cve-2022-24794) | Security Update for Express OpenID Connect Library | [express-openid-connect](https://github.com/auth0/express-openid-connect) | | December 16, 2021 | [CVE-2021-43812](/docs/secure/security-guidance/security-bulletins/cve-2021-43812) | Security Update for Next.js Auth0 Library \<=1.6.1 | [nextjs-auth0](https://github.com/auth0/nextjs-auth0) | | December 08, 2021 | [CVE-2021-41246](/docs/secure/security-guidance/security-bulletins/cve-2021-41246) | Security Update for Express OpenID Connect >= 2.3.0, \<= 2.5.1 | [express-openid-connect](https://github.com/auth0/express-openid-connect) | | June 23, 2021 | [CVE-2021-32702](/docs/secure/security-guidance/security-bulletins/cve-2021-32702) | Security Update for Auth0 Next.js \<= 1.4.1 | [nextjs-auth0](https://github.com/auth0/nextjs-auth0) | | June 4, 2021 | [CVE-2021-32641](/docs/secure/security-guidance/security-bulletins/cve-2021-32641) | Security Update for Auth0 Lock \<= 11.30.0 | [Auth0 Lock](https://github.com/auth0/lock) | | November 05, 2020 | [CVE-2020-15259](/docs/secure/security-guidance/security-bulletins/cve-2020-15259) | Auth0 Security Bulletin for ad-ldap-connector versions \<= 5.0.12 | [AD/LDAP Connector](https://github.com/auth0/ad-ldap-connector) | | October 21, 2020 | [CVE-2020-15240](/docs/secure/security-guidance/security-bulletins/cve-2020-15240) | Security Update for omniauth-auth0 JWT Validation | [omniauth-auth0](https://github.com/auth0/omniauth-auth0) | | August 16, 2020 | [CVE-2020-15119](/docs/secure/security-guidance/security-bulletins/cve-2020-15119) | Security Update for Auth0 Lock \<= 11.25.1 | [Auth0 Lock](https://github.com/auth0/lock) | | July 28, 2020 | [CVE-2020-15125](/docs/secure/security-guidance/security-bulletins/cve-2020-15125) | Auth0 Security Bulletin for node-auth0 \<= 2.27.0 | [node-auth0](https://github.com/auth0/node-auth0) | | June 30, 2020 | [CVE-2020-15084](/docs/secure/security-guidance/security-bulletins/cve-2020-15084) | Auth0 Security Bulletin for express-jwt versions \< 6.0.0 | [express-jwt](https://github.com/auth0/express-jwt) | | April 09, 2020 | [CVE-2020-5263](/docs/secure/security-guidance/security-bulletins/cve-2020-5263) | Auth0 Security Bulletin for auth0.js versions \<= 9.13.1 | Auth0.js | | March 31, 2020 | [Auth0 Bulletin](/docs/secure/security-guidance/security-bulletins/2020-03-31-wpauth0) | Auth0 Security Bulletin for WordPress Plugin for Auth0 versions \< 4.0.0 | WordPress Plugin for Auth0 | | January 31, 2020 | [CVE-2019-20173](/docs/secure/security-guidance/security-bulletins/cve-2019-20173) | Auth0 Security Bulletin for WordPress Plugin for Auth0 versions 3.11.0, 3.11.1 and 3.11.2 | WordPress Plugin for Auth0 | | January 30, 2020 | [CVE-2019-20174](/docs/secure/security-guidance/security-bulletins/cve-2019-20174) | Auth0 Security Bulletin for Auth0 Lock \< 11.21.0 | Auth0 Lock | | October 04, 2019 | [CVE-2019-16929](/docs/secure/security-guidance/security-bulletins/cve-2019-16929) | Auth0 Security Bulletin for auth0.net between versions 5.8.0 and 6.5.3 inclusive | auth0.net | | September 05, 2019 | [Auth0 bulletin](/docs/secure/security-guidance/security-bulletins/2019-09-05-scopes) | Auth0 Security Bulletin for assigning scopes based on email address | Custom code within Auth0 rules | | July 23, 2019 | [CVE-2019-13483](/docs/secure/security-guidance/security-bulletins/cve-2019-13483) | Security Bulletin for Passport-SharePoint \< 0.4.0 | Passport-SharePoint | | February 15, 2019 | [CVE-2019-7644](/docs/secure/security-guidance/security-bulletins/cve-2019-7644) | Security Bulletin for Auth0-WCF-Service-JWT \< 1.0.4 | Auth0-WCF-Service-JWT | | January 10, 2019 | [Auth0 bulletin](/docs/secure/security-guidance/security-bulletins/2019-01-10-rules) | Auth0 Security Bulletin for Vulnerable Patterns in Custom Rule Code | Custom code within Auth0 Rules | | August 6, 2018 | [CVE-2018-15121](/docs/secure/security-guidance/security-bulletins/cve-2018-15121) | Security vulnerability in deprecated Auth0 middleware for ASP.NET | auth0-aspnet, auth0-aspnet-owin | | June 5, 2018 | [CVE-2018-11537](/docs/secure/security-guidance/security-bulletins/cve-2018-11537) | Security update for angular-jwt allowlist bypass | angular-jwt | | April 4, 2018 | [CVE-2018-6874](/docs/secure/security-guidance/security-bulletins/cve-2018-6874) | Security vulnerability for Auth0 authentication service | Auth0 Authentication Service | | April 4, 2018 | [CVE 2018-6873](/docs/secure/security-guidance/security-bulletins/cve-2018-6873) | Security vulnerability for Auth0 authentication service | Auth0 Authentication Service | | February 26, 2018 | [CVE 2018-7307](/docs/secure/security-guidance/security-bulletins/cve-2018-7307) | Security vulnerability for auth0.js \< 9.3 | Auth0.js | | December 22, 2017 | [CVE 2017-16897](/docs/secure/security-guidance/security-bulletins/cve-2017-16897) | Security update for passport-wsfed-saml2 Passport strategy library | passport-wsfed-saml2 Passport strategy library | | December 4, 2017 | [CVE 2017-17068](/docs/secure/security-guidance/security-bulletins/cve-2017-17068) | Security update for auth0.js popup callback vulnerability | Auth0.js |