diff --git a/.changeset/js-cookie-security-bump.md b/.changeset/js-cookie-security-bump.md
new file mode 100644
index 00000000000..a0a6e56e59b
--- /dev/null
+++ b/.changeset/js-cookie-security-bump.md
@@ -0,0 +1,5 @@
+---
+"@clerk/shared": patch
+---
+
+Bump `js-cookie` to `3.0.7` to address GHSA-qjx8-664m-686j.
diff --git a/packages/shared/package.json b/packages/shared/package.json
index f32e69763dd..98af4884f80 100644
--- a/packages/shared/package.json
+++ b/packages/shared/package.json
@@ -156,7 +156,7 @@
     "csstype": "3.1.3",
     "dequal": "2.0.3",
     "glob-to-regexp": "0.4.1",
-    "js-cookie": "3.0.5",
+    "js-cookie": "3.0.7",
     "std-env": "^3.9.0",
     "swr": "2.3.4"
   },
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f23f4cb8ce4..4f326e2369b 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -929,8 +929,8 @@ importers:
         specifier: 0.4.1
         version: 0.4.1
       js-cookie:
-        specifier: 3.0.5
-        version: 3.0.5
+        specifier: 3.0.7
+        version: 3.0.7
       react:
         specifier: 18.3.1
         version: 18.3.1
@@ -10306,9 +10306,9 @@ packages:
     engines: {node: '>=14'}
     hasBin: true
 
-  js-cookie@3.0.5:
-    resolution: {integrity: sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==}
-    engines: {node: '>=14'}
+  js-cookie@3.0.7:
+    resolution: {integrity: sha512-z/wZZgDrkNV1eA0ULjM/F9/50Ya8fbzgKneSpoPsXSGd0KnpdtHfOZWK+GcwLk+EZbS4F9RBhU+K2RgzuDaItw==}
+    engines: {node: '>=20'}
 
   js-tiktoken@1.0.18:
     resolution: {integrity: sha512-hFYx4xYf6URgcttcGvGuOBJhTxPYZ2R5eIesqCaNRJmYH8sNmsfTeWg4yu//7u1VD/qIUkgKJTpGom9oHXmB4g==}
@@ -27297,10 +27297,10 @@ snapshots:
       config-chain: 1.1.13
       editorconfig: 1.0.4
       glob: 10.4.5
-      js-cookie: 3.0.5
+      js-cookie: 3.0.7
       nopt: 7.2.1
 
-  js-cookie@3.0.5: {}
+  js-cookie@3.0.7: {}
 
   js-tiktoken@1.0.18:
     dependencies: