12 matches found
@clerk/agent-toolkit (>=0.2.5-canary-core3.v20251124105058 <=0.3.16-snapshot.v20260416221307), @clerk/astro (>=3.0.0 <=3.2.3-canary.v20260508190534) +69 more potentially affected by CVE-2026-42349 via @clerk/shared (>=4.0.0 <=4.8.3-snapshot.v20260421194054)
@clerk/shared NPM version =4.0.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =6.0.0, =2.2.5-canary-core3.v20251124105058, =3.2.4-canary.v20260508190534...
Incorrect Authorization
Overview: @clerk/shared is an internal package of utils used by the Clerk SDKs. Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single...
@aurora-nexus/aurora-nexus-design-system (=0.2.0), @fireproof/core-protocols-dashboard (>=0.24.3-dev-20261224 <=0.24.12) +6 more potentially affected by CVE-2026-42349 via @clerk/shared (>=3.36.0 <=3.45.1)
@clerk/shared NPM version =3.36.0, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.0.14, =0.18.25-dev, =0.24.3-dev-20261224, =0.18.25-dev, =0.18.28-dev Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKSHARED-16347746...
@aurora-nexus/aurora-nexus-design-system (=0.2.0), @fireproof/core-protocols-dashboard (>=0.24.3-dev-20261224 <=0.24.12) +6 more potentially affected by CVE-2026-42349 via @clerk/shared (>=3.36.0 <=3.45.1)
@clerk/shared NPM version =3.36.0, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.0.14, =0.18.25-dev, =0.24.3-dev-20261224, =0.18.25-dev, =0.18.28-dev Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...
@clerk/agent-toolkit (>=0.2.5-canary-core3.v20251124105058 <=0.3.16-snapshot.v20260416221307), @clerk/astro (>=3.0.0 <=3.2.3-canary.v20260508190534) +69 more potentially affected by CVE-2026-42349 via @clerk/shared (>=4.0.0 <=4.8.3-snapshot.v20260421194054)
@clerk/shared NPM version =4.0.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =6.0.0, =2.2.5-canary-core3.v20251124105058, =3.2.4-canary.v20260508190534...
EUVD-2026-25632
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...
@clerk/agent-toolkit (>=0.2.5-canary-core3.v20251124105058 <=0.3.15-canary.v20260415142102), @clerk/astro (>=3.0.0 <=3.2.3-canary.v20260508190534) +69 more potentially affected by CVE-2026-41248 via @clerk/shared (>=4.0.0 <=4.8.1-canary.v20260415142102)
@clerk/shared NPM version =4.0.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =6.0.0, =2.2.5-canary-core3.v20251124105058, =3.2.4-canary.v20260508190534...
@aurora-nexus/aurora-nexus-design-system (=0.2.0), @fireproof/core-protocols-dashboard (>=0.24.3-dev-20261224 <=0.24.12) +6 more potentially affected by CVE-2026-41248 via @clerk/shared (>=3.36.0 <=3.45.1)
@clerk/shared NPM version =3.36.0, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.0.14, =0.18.25-dev, =0.24.3-dev-20261224, =0.18.25-dev, =0.18.28-dev Source cves: CVE-2026-41248 Source advisory: OSV:GHSA-VQX2-FGX2-5WQ9...
ngx-clerk-iliad (=0.2.8), ngx-clerk-imok (>=0.2.8 <=0.3.5) potentially affected by CVE-2026-41248 via @clerk/shared (=2.20.6)
@clerk/shared NPM version =2.20.6 is affected by a known vulnerability. The following packages have a transitive dependency on @clerk/shared and may be impacted: ngx-clerk-iliad =0.2.8; ngx-clerk-imok =0.2.8, =0.3.5. Source cves: CVE-2026-41248 Source advisory: OSV:GHSA-VQX2-FGX2-5WQ9...
Incorrect Authorization
Overview: @clerk/shared is an internal package of utils used by the Clerk SDKs. Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...
ngx-clerk-iliad (=0.2.8), ngx-clerk-imok (>=0.2.8 <=0.3.5) potentially affected by CVE-2026-41248 via @clerk/shared (=2.20.6)
@clerk/shared NPM version =2.20.6 is affected by a known vulnerability. The following packages have a transitive dependency on @clerk/shared and may be impacted: ngx-clerk-iliad =0.2.8; ngx-clerk-imok =0.2.8, =0.3.5. Source cves: CVE-2026-41248 Source advisory: SNYK:JS-CLERKSHARED-16098252...
@clerk/agent-toolkit (>=0.2.5-canary-core3.v20251124105058 <=0.3.15-canary.v20260415142102), @clerk/astro (>=3.0.0 <=3.2.3-canary.v20260508190534) +69 more potentially affected by CVE-2026-41248 via @clerk/shared (>=4.0.0 <=4.8.1-canary.v20260415142102)
@clerk/shared NPM version =4.0.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =6.0.0, =2.2.5-canary-core3.v20251124105058, =3.2.4-canary.v20260508190534...