Session Fixation
Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...
@alstar/studio (=0.0.0-beta.20), @better-auth/cli (>=1.3.4 <=1.4.0-beta.28) +24 more potentially affected by unknown CVE via better-auth (>=1.3.34 <=1.4.0-beta.9)
better-auth NPM version =1.3.34, =1.3.4, =0.18.9, =0.5.2, =0.0.9, =0.0.9, =0.0.9, =0.0.3, =0.0.9, =0.0.8, =0.0.11, =0.0.9, =7.0.9-canary.2, =7.0.9-canary.2, =0.1.8, =0.1.9 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-14135654...
MAL-2025-191472 Malicious code in chai-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e842da1fade3683b329217bfdfa620ad7b15d9dbec35065dd295c074b45bfd2 The package chai-auth was found to contain malicious code. Source: ghsa-malware 24555b314815073bff432dc1005d3e9420050160c237c77c47db6297c6837a05 Any...
Malicious code in chai-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e842da1fade3683b329217bfdfa620ad7b15d9dbec35065dd295c074b45bfd2 The package chai-auth was found to contain malicious code. Source: ghsa-malware 24555b314815073bff432dc1005d3e9420050160c237c77c47db6297c6837a05 Any...
Malicious Package
Overview: chai-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2025-199705
Malicious code in chai-auth npm...
PT-2025-48151
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...
EUVD-2025-199652
Better Auth Passkey Plugin allows passkey deletion through IDOR...
Authorization Bypass Through User-Controlled Key
Overview: @better-auth/passkey is a Passkey plugin for Better Auth. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a POST /passkey/delete-passkey request. An attacker can delete arbitrary passkeys belonging to other users by providing their...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the form of registry credentials in JSON output files. When registry authentication is configured, an attacker can obtain registry credentials or other values e.g...
MAL-2025-191302 Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191228 Malicious code in @huntersofbook/auth-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974ee7f388d04b8f3f79de89e780575aab1d7ed2ea4d7ea1a52420d81911f993 The package @huntersofbook/auth-vue was found to contain malicious code. Source: google-open-source-security...
Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199500
Malicious code in @huntersofbook/auth-vue npm...
MAL-2025-191413 Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
EUVD-2025-199268
Malicious code in ra-auth-firebase npm...
Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...
EUVD-2025-199293
Malicious code in @silgi/better-auth npm...
MAL-2025-191311 Malicious code in @silgi/better-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...