1. Home
  2. Vulnerabilities
  3. CVE-2022-23529
0.0
NA
CVE-2022-23529
Apache Not a Vulnerability
Overview
Description

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.

Details
INFO

Published Date :

Dec. 21, 2022, 9:15 p.m.

Last Modified :

Nov. 7, 2023, 3:44 a.m.

Remotely Exploit :

No

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2022-23529 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Auth0 jsonwebtoken
: Total Affected Vendor : 1 | Products : 1
Solution
This information is provided by the 3rd party feeds.
  • n\a
Public PoC/Exploit Available at Github

CVE-2022-23529 has a 63 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
PrinceORavens/VulnApp

None

JavaScript Python

Updated: 1 day, 15 hours ago
0 stars 0 fork 0 watcher
Born at : May 6, 2026, 4:02 p.m. This repo has been linked 15 different CVEs too.
Profile Photo
cbgabler/glassbox-demo

None

C++ JavaScript Python Shell

Updated: 5 days, 12 hours ago
0 stars 0 fork 0 watcher
Born at : May 3, 2026, 7:48 a.m. This repo has been linked 8 different CVEs too.
Profile Photo
jportillagamboa/cnapp_example

None

Dockerfile TypeScript HCL Shell Python

Updated: 1 week ago
0 stars 0 fork 0 watcher
Born at : May 1, 2026, 2:50 p.m. This repo has been linked 16 different CVEs too.
Profile Photo
amerintlxperts/vulnerable-mcp-app

Code used as a part of xPerts AI-Track

Dockerfile TypeScript HCL Shell Python

Updated: 1 week, 4 days ago
0 stars 26 fork 26 watcher
Born at : April 27, 2026, 10:07 p.m. This repo has been linked 16 different CVEs too.
Profile Photo
prateekjaindev/dependency-track-demo

None

Dockerfile JavaScript

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : April 27, 2026, 5:02 p.m. This repo has been linked 5 different CVEs too.
Profile Photo
prabhu2k/vulnerable-npm-demo-app

None

JavaScript Shell

Updated: 1 week, 4 days ago
0 stars 0 fork 0 watcher
Born at : April 27, 2026, 11:03 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
Matsu-DA/docker-vuln-scan-sample

None

Dockerfile Shell

Updated: 3 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : April 17, 2026, 4:02 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
enchanted-plugins/hydra

Claude Code plugin for real-time threat interception with secret scanning, vulnerability detection, and command blocking.

Shell Python Markdown

Updated: 2 weeks ago
1 stars 0 fork 0 watcher
Born at : April 15, 2026, 7:03 p.m. This repo has been linked 12 different CVEs too.
Profile Photo
0019-KDU/vulnerable-web-app

Intentionally vulnerable app to trigger CodeQL, Dependabot, Secret Scanning, and other security scanning tools.

Dockerfile JavaScript HCL

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : April 13, 2026, 7:46 a.m. This repo has been linked 7 different CVEs too.
Profile Photo
hmatsushita-quo/supply-chain-test

None

JavaScript

Updated: 3 weeks, 2 days ago
0 stars 0 fork 0 watcher
Born at : April 13, 2026, 5:10 a.m. This repo has been linked 11 different CVEs too.
Profile Photo
Kendall-Reyes/Web_Segura

None

JavaScript HTML CSS Dockerfile

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : April 10, 2026, 9:44 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
mothy-08/SekyuAI-demo

None

JavaScript

Updated: 4 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : April 10, 2026, 3:03 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
efecanbasoz/solo-squad

One developer with AI ships like a team of twenty. 40 skills + 8 workflow commands with DOT flowcharts, hard gates, and anti-slop defenses for Claude Code, Codex CLI, and OpenCode.

claude-code agency agency-tools productivity developer-tools codex opencode

Shell JavaScript Batchfile

Updated: 5 days, 9 hours ago
0 stars 0 fork 0 watcher
Born at : April 7, 2026, 10:23 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
apachecom40net/vulnerable-mcp-app

None

Dockerfile TypeScript HCL Shell Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 3, 2026, 1:04 p.m. This repo has been linked 16 different CVEs too.
Profile Photo
koralbit/security-alerts-poc

None

HTML TypeScript

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : April 1, 2026, 9:56 p.m. This repo has been linked 15 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-23529 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-23529 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Description ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.
  • CVE Modified by [email protected]

    Jan. 27, 2023

    Action Type Old Value New Value
    Changed Description node-jsonwebtoken is a JsonWebToken implementation for node.js. For versions `<= 8.5.1` of `jsonwebtoken` library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the `secretOrPublicKey` argument from the readme link of the `jwt.verify()` function, they can write arbitrary files on the host machine. Users are affected only if untrusted entities are allowed to modify the key retrieval parameter of the `jwt.verify()` on a host that you control. This issue has been fixed, please update to version 9.0.0. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.
    Removed CVSS V3.1 GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
    Removed CVSS V3.1 Reason A-No limiting factors
    Removed CVSS V3.1 Reason C-No limiting factors
    Removed CVSS V3.1 Reason PR-No privileges needed
    Removed Reference https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 [Patch, Third Party Advisory]
    Removed Reference https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q [Third Party Advisory]
    Removed CWE GitHub, Inc. CWE-20
  • CVE Rejected by [email protected]

    Jan. 27, 2023

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Dec. 30, 2022

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 No Types Assigned https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3 Patch, Third Party Advisory
    Changed Reference Type https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q No Types Assigned https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-27h2-hvpr-p74q Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:* versions up to (including) 8.5.1
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.