Package impact
npm / @clerk/backend
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42349 | high | — | 8.0 | 18d ago | Clerk has an authorization bypass when combining organization, billing, or reverification checks | |||
| CVE-2026-34076 | high | 7.4 | 7.4 | 2mo ago | Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host | |||
| CVE-2025-53548 | unknown | — | — | 11mo ago | @clerk/backend Performs Insufficient Verification of Data Authenticity |