Clerk

3 CVEs • 19 products

Products (19)

clerk.io
javascript
clerk/astro
clerk/backend
clerk/clerk-js
clerk/expo
clerk/express
clerk/fastify
clerk/hono
clerk/nextjs
clerk/nuxt
clerk/react
clerk/shared
clerk/vue

CVEs (3)

Vendors (1): Clerk
Products (17): Clerk/astro, Clerk/backend, Clerk/chrome Extension, +14 more
Updated: Jun 1, 2026
Published: May 11, 2026
CVSS: 7.6 HIGH (v4), 8.1 HIGH (v3), N/A (v2)
Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be false, allowing a gated action to proceed for a user who does not satisfy the full set of requested conditions. This call shape can be bypassed if certain conditions are met: a has() or auth.protect() call that combines a reverification check with any of role, permission, feature, or plan, or that combines a billing check (feature or plan) with a role or permission check. This vulnerability is fixed in @clerk/clerk-js 5.125.10 and 6.7.5.

Vendors (1): Clerk
Products (1): Javascript
Updated: Nov 21, 2024
Published: Jan 12, 2024
CVSS: N/A (v4), 9.8 CRITICAL (v3), N/A (v2)
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

Vendors (2): Clerk, Clerk.io
Products (2): Clerk.io, Clerk.io
Updated: Jun 8, 2026
Published: Dec 5, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), N/A (v2)
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.