Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40clerk/nextjs@5.0.1-canary.v9180c8b
Typenpm
Namespace@clerk
Namenextjs
Version5.0.1-canary.v9180c8b
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.7.6
Latest_non_vulnerable_version7.2.4
Affected_by_vulnerabilities
0
url VCID-4w9e-45wx-5kar
vulnerability_id VCID-4w9e-45wx-5kar
summary Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in @clerk/astro 1.5.7, 2.17.10, and 3.0.15; @clerk/nextjs 5.7.6, 6.39.2, and 7.2.1; @clerk/nuxt 1.13.28 and 2.2.2; and @clerk/shared 2.22.1, 3.47.4, anc 4.8.1
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41248
reference_id
reference_type
scores
0
value 0.00096
scoring_system epss
scoring_elements 0.2674
published_at 2026-06-14T12:55:00Z
1
value 0.00096
scoring_system epss
scoring_elements 0.26539
published_at 2026-06-11T12:55:00Z
2
value 0.00096
scoring_system epss
scoring_elements 0.26756
published_at 2026-06-13T12:55:00Z
3
value 0.00096
scoring_system epss
scoring_elements 0.26742
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41248
1
reference_url https://github.com/clerk/javascript
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/clerk/javascript
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41248
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41248
3
reference_url https://github.com/advisories/GHSA-vqx2-fgx2-5wq9
reference_id GHSA-vqx2-fgx2-5wq9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vqx2-fgx2-5wq9
4
reference_url https://github.com/clerk/javascript/security/advisories/GHSA-vqx2-fgx2-5wq9
reference_id GHSA-vqx2-fgx2-5wq9
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-27T13:46:14Z/
url https://github.com/clerk/javascript/security/advisories/GHSA-vqx2-fgx2-5wq9
fixed_packages
0
url pkg:npm/%40clerk/nextjs@5.7.6
purl pkg:npm/%40clerk/nextjs@5.7.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540clerk/nextjs@5.7.6
1
url pkg:npm/%40clerk/nextjs@6.39.2
purl pkg:npm/%40clerk/nextjs@6.39.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sumx-ubek-sbhe
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540clerk/nextjs@6.39.2
2
url pkg:npm/%40clerk/nextjs@7.2.1
purl pkg:npm/%40clerk/nextjs@7.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sumx-ubek-sbhe
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540clerk/nextjs@7.2.1
aliases CVE-2026-41248, GHSA-vqx2-fgx2-5wq9
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4w9e-45wx-5kar
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540clerk/nextjs@5.0.1-canary.v9180c8b