Lucene search
K

118 matches found

OSSF Malicious Packages
OSSF Malicious Packages
โ€ขadded 2026/06/17 4:56 a.m.โ€ข8 views

Malicious code in @mastra/auth-clerk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d80aa3e2beb7b80c5c0ab6155ebf33290b48d7e23a97f7dc5e2f7bc288d5e84f The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
โ€ขadded 2026/06/09 4:7 p.m.โ€ข13 views

MAL-2026-5385 Malicious code in @0xlr/clerk-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ff421a5ccb412fd8455e89a1b9875b427ed34af12fa4b188ed4418cd8f52a74 On npm install, postinstall.js enumerates the entire process environment Object.keysprocess.env.sort.forEach along with hostname, username, home...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
โ€ขadded 2026/05/14 7:58 p.m.โ€ข9 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2026/05/11 5:16 p.m.โ€ข17 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

8.1CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
โ€ขadded 2026/05/11 4:8 p.m.โ€ข39 views

CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

7.6CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/05/11 4:8 p.m.โ€ข7 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software17
Vulnrichment
Vulnrichment
โ€ขadded 2026/05/11 4:8 p.m.โ€ข7 views

CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References1
OSV
OSV
โ€ขadded 2026/05/11 4:8 p.m.โ€ข4 views

CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

7.6CVSS6AI score0.00246EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2026/05/11 4:8 p.m.โ€ข34 views

CVE-2026-42349

CVE-2026-42349 - Clerk authorization bypass : Cler k JS ecosystem components (@clerk/shared, @clerk/nextjs, @clerk/backend, and related SDKs) can incorrectly return true for combined authorization checks in has()/auth.protect(), allowing a gated action to proceed when a user does not satisfy all ...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software17
CNNVD
CNNVD
โ€ขadded 2026/05/11 12:0 a.m.โ€ข11 views

Official Clerk JavaScript SDKs ไปฃ็ ้—ฎ้ข˜ๆผๆดž

The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...

8.1CVSS5.9AI score0.00246EPSS
Exploits0References2
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข7 views

@clerk/chrome-extension (>=3.0.0 <=3.1.35-canary.v20260611003803), @clerk/expo (>=3.0.0 <=3.4.2-canary.v20260611003803) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)

@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

8.1CVSS5.7AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข34 views

@clerk/agent-toolkit (>=0.3.1-canary.v20260303211310 <=0.3.16-snapshot.v20260416221307), @clerk/astro (>=3.0.1-canary.v20260303211310 <=3.0.18-snapshot.v20260421194054) +9 more potentially affected by CVE-2026-42349 via @clerk/backend (>=3.0.0 <=3.2.14-snapshot.v20260421194054)

@clerk/backend NPM version =3.0.0, =0.3.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =2.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =0.0.3-canary.v20260303211310, =7.0.1-canary.v20260303211310, =2.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310,...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข8 views

@builder-builder/builder (>=0.0.7 <=0.0.27), @carrierllc/mcp (>=0.2.0 <=0.2.17) +78 more potentially affected by CVE-2026-42349 via @clerk/shared (>=4.0.0 <=4.8.3-snapshot.v20260421194054)

@clerk/shared NPM version =4.0.0, =0.0.7, =0.2.0, =0.2.5-canary-core3.v20251124105058, =3.0.0, =3.0.0, =3.0.0, =5.68.0-snapshot.v20250528192432, =3.0.0, =1.0.0, =2.0.0, =2.6.5-canary-core3.v20251124105058, =0.0.2, =4.0.0, =7.0.0, =2.0.0, =2.6.2-canary.v20260611003803 and more Source cves:...

8.1CVSS5.7AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข10 views

@aurora-nexus/aurora-nexus-design-system (=0.2.0), @fireproof/core-protocols-dashboard (>=0.24.3-dev-20261224 <=0.24.12) +6 more potentially affected by CVE-2026-42349 via @clerk/shared (>=3.36.0 <=3.45.1)

@clerk/shared NPM version =3.36.0, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.24.3-dev-20261224, =0.0.14, =0.18.25-dev, =0.24.3-dev-20261224, =0.18.25-dev, =0.18.28-dev Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข8 views

@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-42349 via @clerk/nextjs (>=6.10.2 <=6.28.1)

@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข9 views

@clerk/chrome-extension (>=3.0.1-canary.v20260303211310 <=3.1.15-snapshot.v20260421194054), @clerk/expo (>=3.0.1-canary.v20260303211310 <=3.2.2-snapshot.v20260421194054) +7 more potentially affected by CVE-2026-42349 via @clerk/react (>=6.0.1-canary.v20260303211310 <=6.4.3-snapshot.v20260421194054)

@clerk/react NPM version =6.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =7.0.1-canary.v20260303211310, =3.0.1-canary.v20260303211310, =1.0.1-canary.v20260303211310, =2.0.0, =2.0.0, =0.20.1-dev-push, =0.20.3-dev-push, =0.20.4-dev-push Source cves:...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข9 views

@clerk/chrome-extension (>=3.0.0 <=3.1.35-canary.v20260611003803), @clerk/expo (>=3.0.0 <=3.4.2-canary.v20260611003803) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)

@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKCLERKJS-16347748...

8.1CVSS5.7AI score0.00246EPSS
Exploits0
Snyk
Snyk
โ€ขadded 2026/04/30 6:20 p.m.โ€ข7 views

Incorrect Authorization

Overview @clerk/nextjs is a Clerk SDK for NextJS Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
โ€ขadded 2026/04/30 6:20 p.m.โ€ข8 views

Incorrect Authorization

Overview @clerk/clerk-js is a Clerk JS library Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call th...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
vulnersOsv
vulnersOsv
โ€ขadded 2026/04/30 6:20 p.m.โ€ข10 views

@unhook/cli (>=0.8.0 <=0.15.0) potentially affected by CVE-2026-42349 via @clerk/express (>=1.5.0 <=1.7.63)

@clerk/express NPM version =1.5.0, =0.8.0, =0.15.0 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
Rows per page
Query Builder