[MEDIUM] Auth0-PHP SDK has Improper Audience Validation

PKSA-xk7h-d6qg-hj3r CVE-2025-68129 GHSA-j2vm-wrq3-f7gf

Affected version: >=8.0.0,<8.18.0

Reported by:
GitHub

[LOW] auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import

PKSA-r19n-r8k1-m54h CVE-2025-58769 GHSA-9mh6-g99m-ppcw

Affected version: >=3.3.0,<=8.16.0

Reported by:
GitHub

[CRITICAL] Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

PKSA-sk32-hw5b-mdyw CVE-2025-48951 GHSA-v9m8-9xxp-q492

Affected version: >=8.0.0-BETA3,<8.3.1

Reported by:
GitHub

[CRITICAL] Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK

PKSA-w6j7-c1kq-w6yb CVE-2025-47275 GHSA-g98g-r7gf-2r25

Affected version: >=8.0.0-BETA1,<8.14.0

Reported by:
GitHub