CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

Incorrect Authorization

Overview @clerk/clerk-js is a Clerk JS library Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call th...

编号撤回

Official Clerk JavaScript SDKs is a Clerk open source official Javascript repository for Clerk authentication. A security vulnerability exists in the Official Clerk JavaScript SDKs version 5.88.0 that originates from an attacker being able to bypass the OAuth authentication process, potentially...

Official Clerk JavaScript SDKs Security Vulnerabilities

Official Clerk JavaScript SDKs is an official Javascript repository for Clerk authentication open-sourced by Clerk. A security vulnerability exists in the Official Clerk JavaScript SDKs version 4.7.0 up to and including 4.29.3, which stems from a logic flaw in auth in App Router or getAuth in Pag...