pkg:npm/@clerk/nextjs

所有已知漏洞

• CRITICAL9.1CVE-2026-41248Official Clerk JavaScript SDKs: Middleware-based route protection bypass
  >= 5.0.0, < 5.7.6
• CRITICAL9.0CVE-2024-22206@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
  >= 4.7.0, < 4.29.3
• HIGH7.5CVE-2025-53548@clerk/backend Performs Insufficient Verification of Data Authenticity
  >= 6.2.10, < 6.23.3
• —CVE-2026-42349Clerk has an authorization bypass when combining organization, billing, or reverification checks
  >= 6.0.0, < 6.39.3