14 matches found
CVE-2026-42349
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...
CVE-2026-42349
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...
CVE-2026-42349
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...
CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...
Official Clerk JavaScript SDKs 代码问题漏洞
The Official Clerk JavaScript SDKs are an open-source repository for Clerk authentication purposes. These SDKs have code vulnerabilities that can lead to false positives during authorization checks. This occurs when functions like has and auth.protect, along with related authorization predicates,...
Incorrect Authorization
Overview @clerk/clerk-js is a Clerk JS library Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call th...
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...
CVE-2026-34076
Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fastify from versions 3.1.0 to before 3.1.5, the...
编号撤回
Official Clerk JavaScript SDKs is a Clerk open source official Javascript repository for Clerk authentication. A security vulnerability exists in the Official Clerk JavaScript SDKs version 5.88.0 that originates from an attacker being able to bypass the OAuth authentication process, potentially...
CVE-2025-63700
Clerk-js 5.88.0 contains a security issue where an attacker can bypass the OAuth authentication flow by manipulating the OTP verification request. The publicly documented evidence across sources (Red Hat CVE notes, EUVD, GHSA advisory, and OSV/GHSA mirrors) consistently reference the OTP verifica...
CVE-2025-63700
...
Official Clerk JavaScript SDKs 数据伪造问题漏洞
Official Clerk JavaScript SDKs is a Clerk open source official Javascript repository for Clerk authentication. A data forgery vulnerability exists in the Official Clerk JavaScript SDKs, which stems from insufficient verifyWebhook validation and may result in the acceptance of unsigned webhook...
Official Clerk JavaScript SDKs Security Vulnerabilities
Official Clerk JavaScript SDKs is an official Javascript repository for Clerk authentication open-sourced by Clerk. A security vulnerability exists in the Official Clerk JavaScript SDKs version 4.7.0 up to and including 4.29.3, which stems from a logic flaw in auth in App Router or getAuth in Pag...