Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-w24r-5266-9c3c
  • npm/@clerk/astro
  • npm/@clerk/backend
  • npm/@clerk/chrome-extension
  • npm/@clerk/clerk-expo
  • npm/@clerk/clerk-js
  • ... 12 more
Clerk has an authorization bypass when combining organization, billing, or reverification checks 30 Apr
  • Fix available
  • Severity - 7.6 (High)
MAL-2026-2828
  • npm/express-security-policy
Malicious code in express-security-policy (npm) 17 Apr
  • No fix available
MAL-2026-2771
  • npm/icims-express-dot-engine
Malicious code in icims-express-dot-engine (npm) 16 Apr
  • No fix available
MAL-2026-2759
  • npm/express-auth-basic
Malicious code in express-auth-basic (npm) 16 Apr
  • No fix available
GHSA-6hw5-45gm-fj88
  • npm/@fastify/express
@fastify/express has a middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons) 16 Apr
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-hrwm-hgmj-7p9c
  • npm/@fastify/express
@fastify/express's middleware path doubling causes authentication bypass in child plugin scopes 16 Apr
  • Fix available
  • Severity - 9.1 (Critical)
MAL-2026-2901
  • npm/env_express
Malicious code in env_express (npm) 15 Apr
  • No fix available
MAL-2026-2445
  • npm/pro-express
Malicious code in pro-express (npm) 02 Apr
  • No fix available
MAL-2026-2419
  • npm/express-session-js
Malicious code in express-session-js (npm) 02 Apr
  • No fix available
GHSA-gjxx-92w9-8v8f
  • npm/@clerk/backend
  • npm/@clerk/express
  • npm/@clerk/fastify
  • npm/@clerk/hono
Clerk: SSRF in the opt-in clerkFrontendApiProxy feature may leak secret keys to unintended host 27 Mar
  • Fix available
  • Severity - 7.4 (High)
GHSA-3843-rr4g-m8jq
  • npm/express-xss-sanitizer
Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk) 27 Mar
  • Fix available
  • Severity - 8.2 (High)
MAL-2026-2362
  • npm/env-express-cli
Malicious code in env-express-cli (npm) 24 Mar
  • No fix available
MAL-2026-2361
  • npm/env-express
Malicious code in env-express (npm) 24 Mar
  • No fix available
MAL-2026-2358
  • npm/env-cli-express
Malicious code in env-cli-express (npm) 24 Mar
  • No fix available
MAL-2026-2350
  • npm/dotenv-express
Malicious code in dotenv-express (npm) 24 Mar
  • No fix available
MAL-2026-2128
  • npm/express-session-vailidator
Malicious code in express-session-vailidator (npm) 24 Mar
  • No fix available