CVE-2026-42349
- EPSS 0.25%
- Veröffentlicht 11.05.2026 17:16:33
- Zuletzt bearbeitet 01.06.2026 16:33:43
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combine...
CVE-2026-34076
- EPSS 0.31%
- Veröffentlicht 01.04.2026 16:59:21
- Zuletzt bearbeitet 29.04.2026 20:58:46
Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versions 2.0.0 to before 2.0.7, @clerk/backend from versions 3.0.0 to before 3.2.3, and @clerk/fa...
CVE-2025-53548
- EPSS 0.15%
- Veröffentlicht 09.07.2025 17:12:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
CVE-2024-22206
- EPSS 0.68%
- Veröffentlicht 12.01.2024 20:15:47
- Zuletzt bearbeitet 21.11.2024 08:55:47
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.