VYPR

npm package

@clerk/shared

pkg:npm/%40clerk/shared

Vulnerabilities (2)

  • CVE-2026-42349HigMay 11, 2026
    affected >= 3.0.0, < 3.47.5fixed 3.47.5

    Clerk JavaScript is the official JavaScript repository for Clerk authentication. has(), auth.protect(), and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when th

  • CVE-2026-41248CriApr 24, 2026
    affected >= 2.20.17, < 2.22.1fixed 2.22.1

    Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerabili