@agent-native/core (>=0.26.5 <=0.28.5), @intlayer/backend (=8.7.0-canary.0) +6 more potentially affected by CVE-2026-45337 via better-auth (>=1.6.0 <=1.6.10)

better-auth NPM version =1.6.0, =0.26.5, =0.0.33, =0.2.0, =1.6.0, =0.1.2, =0.2.0 Source cves: CVE-2026-45337 Source advisory: SNYK:JS-BETTERAUTH-17173857...

@better-auth/cli (>=1.5.0-beta.10 <=1.5.0-beta.13), @onmax/nuxt-better-auth (>=0.0.2-alpha.14 <=0.0.2-alpha.32) +2 more potentially affected by CVE-2026-45364 via better-auth (>=1.5.0-beta.10 <=1.5.0-beta.20)

better-auth NPM version =1.5.0-beta.10, =1.5.0-beta.10, =0.0.2-alpha.14, =1.5.0-beta.15, =0.0.2-beta.19, =0.0.10-beta.25 Source cves: CVE-2026-45364 Source advisory: OSV:GHSA-P6V2-XCPG-H6XW...

9gen (>=0.0.23 <=0.1.1), @1sat/connect (>=0.0.15 <=0.0.68) +808 more potentially affected by unknown CVE via better-auth (>=1.0.0-canary.10 <=1.6.12)

better-auth NPM version =1.0.0-canary.10, =0.0.23, =0.0.15, =0.0.16, =0.0.1, =0.260505.5, =1.0.0, =0.6.1, =0.0.13, =0.3.3, =0.2.0, =0.0.110, =0.0.110, =0.1.41, =0.0.110, =2.0.0-beta.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-16722768...

@alstar/studio (=0.0.0-beta.20), @better-auth/cli (>=1.0.0 <=1.4.1-beta.1) +64 more potentially affected by CVE-2026-45364 via better-auth (>=1.0.0-canary.10 <=1.4.16)

better-auth NPM version =1.0.0-canary.10, =1.0.0, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =0.18.0, =0.5.2, =1.0.2, =1.0.2, =1.0.2, =1.0.3 and more Source cves: CVE-2026-45364 Source advisory: SNYK:JS-BETTERAUTH-16722787...

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +150 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.4)

better-auth NPM version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X732-6J76-QMHM...

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +134 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.2-beta.5)

better-auth NPM version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =0.18.0, =1.9.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-569Q-MPPH-WGWW...

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +147 more potentially affected by unknown CVE via better-auth (>=1.0.0-canary.10 <=1.4.22)

better-auth NPM version =1.0.0-canary.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =1.0.0, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-14157194...

@alstar/studio (=0.0.0-beta.20), @better-auth/cli (>=1.3.4 <=1.4.0-beta.28) +16 more potentially affected by unknown CVE via better-auth (>=1.3.34 <=1.4.0-beta.9)

better-auth NPM version =1.3.34, =1.3.4, =0.18.9, =0.5.2, =7.0.9-canary.2, =7.0.9-canary.2, =0.1.8, =0.1.0, =0.0.22, =0.10.0, =0.11.1-canary.15, =0.8.2, =0.0.10, =1.0.0, =1.0.4, =3.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-14135654...

@better-auth/cli (>=1.2.0 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +17 more potentially affected by CVE-2025-61928 via better-auth (>=1.2.0-beta.18 <=1.3.25)

better-auth NPM version =1.2.0-beta.18, =1.2.0, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =1.2.13, =3.7.1, =1.0.12, =1.1.0 and more Source cves: CVE-2025-61928 Source advisory: SNYK:JS-BETTERAUTH-13537497...

CVE-2025-27143 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...

CVE-2025-27143 Beter Auth has an Open Redirect via Scheme-Less Callback Parameter

Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While...