Package impact
npm / @clerk/nextjs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41248 | critical | 9.1 | 9.1 | 1mo ago | Official Clerk JavaScript SDKs: Middleware-based route protection bypass | |||
| CVE-2026-42349 | high | 8.1 | 8.1 | 24d ago | Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other… | |||
| CVE-2025-53548 | unknown | — | — | 11mo ago | @clerk/backend Performs Insufficient Verification of Data Authenticity | |||
| CVE-2024-22206 | unknown | — | — | 2y ago | @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) |