better-auth
npm
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting better-auth
- CVE-2024-56734 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.1.6 | 2024-12-30
Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to ma…
- CVE-2025-27143 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.1.20 | 2025-02-24
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoin…
- CVE-2025-53535 | LOW | CVSS 2.1 | EG 0.0 | ✓ Fixed in 1.2.10 | 2025-07-07
Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/call…
- CVE-2025-61928 | CRITICAL | CVSS 9.3 | EG 0.0 | ✓ Fixed in 1.3.26 | 2025-10-09
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api…