3 matches found
@clerk/chrome-extension (>=3.0.0 <=3.1.35-canary.v20260611003803), @clerk/expo (>=3.0.0 <=3.4.2-canary.v20260611003803) +3 more potentially affected by CVE-2026-42349 via @clerk/clerk-js (>=6.0.1-canary.v20260303211310 <=6.7.5-snapshot.v20260421194054)
@clerk/clerk-js NPM version =6.0.1-canary.v20260303211310, =3.0.0, =3.0.0, =0.2.13, =0.2.0, =0.8.3 - tauri-plugin-clerk =0.1.1 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKCLERKJS-16347748...
Malicious code in cooni-expo (npm)
The package cooni-expo was found to contain malicious code...
Insufficiently Protected Credentials
Overview expo is an umbrella package that contains the client-side code for accessing system functionality such as contacts, camera, and location in Expo apps. Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Expo AuthSession Redirect Proxy process...