PT-2025-51688
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the libceph component, specifically in the handle auth session key function. This issue could lead to potential out-of-bounds writes due to...
PT-2025-48291
Name of the Vulnerable Software and Affected Versions: Astro versions 5.15.7 and below. Description: Astro, a web framework, is affected by a double URL encoding bypass. This allows unauthenticated attackers to bypass path-based authentication checks in Astro middleware, potentially granting...
EUVD-2025-199765
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...
Session Fixation
Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...
@alstar/studio (=0.0.0-beta.20), @better-auth/cli (>=1.3.4 <=1.4.0-beta.28) +16 more potentially affected by unknown CVE via better-auth (>=1.3.34 <=1.4.0-beta.9)
better-auth NPM version =1.3.34, =1.3.4, =0.18.9, =0.5.2, =7.0.9-canary.2, =7.0.9-canary.2, =0.1.8, =0.1.0, =0.0.22, =0.10.0, =0.11.1-canary.15, =0.8.2, =0.0.10, =1.0.0, =1.0.4, =3.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-14135654...
Malicious Package
Overview: chai-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship...
EUVD-2025-199705
Malicious code in chai-auth npm...
Malicious code in chai-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e842da1fade3683b329217bfdfa620ad7b15d9dbec35065dd295c074b45bfd2 The package chai-auth was found to contain malicious code. Source: ghsa-malware 24555b314815073bff432dc1005d3e9420050160c237c77c47db6297c6837a05 Any...
MAL-2025-191472 Malicious code in chai-auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e842da1fade3683b329217bfdfa620ad7b15d9dbec35065dd295c074b45bfd2 The package chai-auth was found to contain malicious code. Source: ghsa-malware 24555b314815073bff432dc1005d3e9420050160c237c77c47db6297c6837a05 Any...
PT-2025-48151
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...
Authorization Bypass Through User-Controlled Key
Overview: @better-auth/passkey is a Passkey plugin for Better Auth. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a POST /passkey/delete-passkey request. An attacker can delete arbitrary passkeys belonging to other users by providing their...
EUVD-2025-199652
Better Auth Passkey Plugin allows passkey deletion through IDOR...
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +77 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =8.13.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the form of registry credentials in JSON output files. When registry authentication is configured, an attacker can obtain registry credentials or other values e.g...
MAL-2025-191228 Malicious code in @huntersofbook/auth-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 974ee7f388d04b8f3f79de89e780575aab1d7ed2ea4d7ea1a52420d81911f993 The package @huntersofbook/auth-vue was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199500
Malicious code in @huntersofbook/auth-vue npm...
Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191302 Malicious code in @productdevbook/auth (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 884cad7d1d5eb715a5945ab44c4acd884887a533f4c4334d0d88ccad9a7dd618 The package @productdevbook/auth was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199268
Malicious code in ra-auth-firebase npm...
Malicious code in ra-auth-firebase (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ddebb70a73861543e5a68b94eb70a9b3e2fa3726a977ef776f8ef3fc75f0e76 The package ra-auth-firebase was found to contain malicious code. Source: ghsa-malware d4c20e629d2ccf83a4cc1a771392c0f879de71df77471d5e822fc511e415cb...