Browse all 4 CVE security advisories affecting clerk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41248 | Official Clerk JavaScript SDKs: Middleware-based route protection bypass — astroCWE-436 | 9.1 | Critical | 2026-04-24 |
| CVE-2026-34076 | Clerk JavaScript: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host — javascriptCWE-918 | 7.4 | High | 2026-04-01 |
| CVE-2025-53548 | @clerk/backend Performs Insufficient Verification of Data Authenticity — javascriptCWE-345 | 7.5 | High | 2025-07-09 |
| CVE-2024-22206 | @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) — javascriptCWE-284 | 9.1 | Critical | 2024-01-12 |
This page lists every published CVE security advisory associated with clerk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.