Filtered by vendor Clerk
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63700 | 1 Clerk | 1 Javascript | 2025-12-03 | 7.5 High |
| An issue was discovered in clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. NOTE: this is disputed by the Supplier because there is no available information to reproduce the issue, and because an OAuth authentication flow issue would be fixed in a backend component, not within clerk-js itself (which is solely a frontend component). | ||||
| CVE-2022-3907 | 1 Clerk | 1 Clerk.io | 2025-04-23 | 7.5 High |
| The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | ||||
| CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-11-21 | 9.1 Critical |
| Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | ||||
Page 1 of 1.