pkg:npm/@clerk/clerk-js

2 total CVEsHIGH1

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2025-63700Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage
    from 0, <= 5.88.0
  • CVE-2026-42349Clerk has an authorization bypass when combining organization, billing, or reverification checks
    >= 5.22.0, < 5.125.10
npm/@clerk/clerk-js — 2 CVEs · VulnScope