Security Advisories for @clerk/express in npm

High
about 1 month ago
Clerk has an authorization bypass when combining organization, billing, or reverification checks
npm
@clerk/hono, @clerk/express, @clerk/fastify, @clerk/chrome-extension, @clerk/tanstack-react-start, @clerk/react-router, @clerk/expo, @clerk/clerk-expo, @clerk/nuxt, @clerk/astro, @clerk/vue, @clerk/react, @clerk/clerk-react, @clerk/clerk-js, @clerk/nextjs, @clerk/backend, @clerk/shared

High
2 months ago
Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host
npm
@clerk/fastify, @clerk/hono, @clerk/express, @clerk/backend

High
11 months ago
@clerk/backend Performs Insufficient Verification of Data Authenticity
npm
@clerk/tanstack-react-start, @clerk/remix, @clerk/react-router, @clerk/nuxt, @clerk/nextjs, @clerk/fastify, @clerk/express, @clerk/astro, @clerk/backend

Potential
Critical
over 2 years ago
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
npm
@clerk/nextjs