javascript — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in javascript, with AI-generated Chinese analysis, references, and POCs.

Vendor: clerk

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34076	Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host CWE-918	7.4	High	2026-04-01
CVE-2025-53548	@clerk/backend Performs Insufficient Verification of Data Authenticity CWE-345	7.5	High	2025-07-09
CVE-2024-22206	@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) CWE-284	9.1	Critical	2024-01-12

All 3 known CVE vulnerabilities affecting javascript with full Chinese analysis, references, and POCs where available.