Known Vulnerabilities for Express-jwt by Auth0
Listed below are 1 of the newest known vulnerabilities associated with "Express-jwt" by "Auth0".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34076 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before... | Not Provided | 2026-04-01 | 2026-04-01 |
| CVE-2026-33979 | Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers ... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27508 | Smoothwall Express versions prior to 3.1 Update 13 contain a reflected cross-site scripting vulnerability in the /redirect.cg... | Not Provided | 2026-03-30 | 2026-03-31 |
| CVE-2026-26352 | Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmai... | Not Provided | 2026-03-30 | 2026-03-30 |
| CVE-2025-68038 | Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Inject... | Not Provided | 2025-12-24 | 2026-04-01 |
| CVE-2025-49399 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Reques... | Not Provided | 2025-08-20 | 2026-04-01 |
| CVE-2025-46499 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder PayPal Express ... | Not Provided | 2025-04-24 | 2026-04-01 |
| CVE-2025-31078 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small... | Not Provided | 2025-04-01 | 2026-04-01 |
| CVE-2025-30915 | Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quo... | Not Provided | 2025-04-03 | 2026-04-01 |
| CVE-2025-27361 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express fo... | Not Provided | 2025-06-27 | 2026-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Auth0 | Express-jwt | 6.0.0 | All | All | All |
| Application | Auth0 | Express-jwt | 5.3.3 | All | All | All |
| Application | Auth0 | Express-jwt | 5.3.2 | All | All | All |
| Application | Auth0 | Express-jwt | 5.3.1 | All | All | All |
| Application | Auth0 | Express-jwt | 5.3.0 | All | All | All |
| Application | Auth0 | Express-jwt | 5.2.0 | All | All | All |
| Application | Auth0 | Express-jwt | 5.1.0 | All | All | All |
| Application | Auth0 | Express-jwt | 5.0.0 | All | All | All |
| Application | Auth0 | Express-jwt | 4.0.0 | All | All | All |
| Application | Auth0 | Express-jwt | 3.4.0 | All | All | All |
| Application | Auth0 | Express-jwt | 3.3.0 | All | All | All |
| Application | Auth0 | Express-jwt | 3.2.0 | All | All | All |
| Application | Auth0 | Express-jwt | 3.1.0 | All | All | All |
| Application | Auth0 | Express-jwt | 3.0.1 | All | All | All |
| Application | Auth0 | Express-jwt | 3.0.0 | All | All | All |
| Application | Auth0 | Express-jwt | 2.1.0 | All | All | All |
| Application | Auth0 | Express-jwt | 2.0.1 | All | All | All |
| Application | Auth0 | Express-jwt | 2.0.0 | All | All | All |
| Application | Auth0 | Express-jwt | 1.4.0 | All | All | All |
| Application | Auth0 | Express-jwt | 1.3.1 | All | All | All |