better-auth

12 known vulnerabilities · 0 critical · 0 high

Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

Published Jul 7, 2025

Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Published Feb 24, 2025

GHSA-569q-mpph-wgww

Better Auth affected by external request basePath modification DoS

Published Dec 1, 2025

Better Auth: Unauthenticated API key creation through api-key plugin

Published Oct 9, 2025

GHSA-9x4v-xfq5-m8x5

Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)

Published Feb 5, 2025

Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

Published Dec 30, 2024

GHSA-vp58-j275-797x

Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

Published Feb 24, 2025

GHSA-wmjr-v86c-m9jj

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions

Published Nov 26, 2025

GHSA-x732-6j76-qmhm

Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits

Published Dec 16, 2025

GHSA-xg6x-h9c9-2m83

Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)

Published Apr 3, 2026

MAL-2025-191073

Malicious code in better-auth-nuxt (npm)

Published Nov 24, 2025

MAL-2025-191311

Malicious code in @silgi/better-auth (npm)

Published Nov 24, 2025

Check your entire dependency tree at onceRun dependency scan →