Clerk Javascript
4 CVEs affecting Clerk Javascript. Latest disclosed: 2026-05-11. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22206 | Critical | 9.1 | 2024-01-12 | Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the P… |
CVE-2026-42349 | High | 8.1 | 2026-05-11 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared… |
CVE-2025-53548 | High | 7.5 | 2025-07-09 | Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting i… |
CVE-2026-34076 | High | 7.4 | 2026-04-01 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to before 0.1.5, @clerk/express from versio… |