Lucene search
K

88 matches found

vulnersOsv
vulnersOsv
added 2025/12/01 9:29 p.m.9 views

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +137 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.2-beta.5)

better-auth NPM version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =0.18.0, =1.9.7 and more Source cves: unknown CVE Source advisory: OSV:GHSA-569Q-MPPH-WGWW...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/01 9:29 p.m.17 views

Better Auth affected by external request basePath modification DoS

Summary Affected versions of Better Auth allow an external request to configure baseURL when it isn’t defined through any other means. This can be abused to poison the router’s base path, causing all routes to return 404 for all users. This issue is only exploitable when baseURL is not explicitly...

7.2AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/11/26 10:11 p.m.4 views

EUVD-2025-199765

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions...

6.5AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/11/26 10:11 p.m.8 views

@alstar/studio (=0.0.0-beta.20), @better-auth/cli (>=1.3.4 <=1.4.0-beta.28) +16 more potentially affected by unknown CVE via better-auth (>=1.3.34 <=1.4.0-beta.9)

better-auth NPM version =1.3.34, =1.3.4, =0.18.9, =0.5.2, =7.0.9-canary.2, =7.0.9-canary.2, =0.1.8, =0.1.0, =0.0.22, =0.10.0, =0.11.1-canary.15, =0.8.2, =0.0.10, =1.0.0, =1.0.4, =3.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-14135654...

5.5AI score
Exploits0
Snyk
Snyk
added 2025/11/26 10:11 p.m.2 views

Session Fixation

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...

7.3CVSS7.1AI score
Exploits0References2
Snyk
Snyk
added 2025/11/25 9:42 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview @better-auth/passkey is a Passkey plugin for Better Auth Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a POST /passkey/delete-passkey request. An attacker can delete arbitrary passkeys belonging to other users by providing their...

6CVSS6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/25 9:42 p.m.6 views

EUVD-2025-199652

Better Auth Passkey Plugin allows passkey deletion through IDOR...

6.4AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 11:25 p.m.4 views

EUVD-2025-199293

Malicious code in @silgi/better-auth npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/24 11:25 p.m.12 views

MAL-2025-191311 Malicious code in @silgi/better-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 11:25 p.m.7 views

Malicious code in @silgi/better-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 528101596869077cdc065844f592e42299e9806c92d2b4f6f145ccd18194fdd5 The package @silgi/better-auth was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 10:52 p.m.4 views

EUVD-2025-199169

Malicious code in better-auth-nuxt npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/11/24 10:52 p.m.4 views

MAL-2025-191073 Malicious code in better-auth-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 10:52 p.m.7 views

Malicious code in better-auth-nuxt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63a2c1f5ccee32dc0e1c83e0664d434add6b894caa54c57f137fe0367cba558f The package better-auth-nuxt was found to contain malicious code. Source: ghsa-malware 14fe0837bf9131779e90c6a1e8530acbe2d811b2df09dfa25d2d86c5a151c0...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/10/09 9:24 p.m.6 views

CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...

9.3CVSS7.1AI score0.18012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/09 9:24 p.m.4 views

CVE-2025-61928 Better Auth: Unauthenticated API key creation through api-key plugin

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the api/auth/api-key/create route. session?.user ?? authRequired ? null : i...

9.3CVSS6.8AI score0.18012EPSS
Exploits0References2
CVE
CVE
added 2025/10/09 9:24 p.m.46 views

CVE-2025-61928

CVE-2025-61928 affects Better Auth (TypeScript) prior to version 1.3.26. The vulnerability allows unauthenticated attackers to create or modify API keys for any user by supplying the target user’s id in the request body to api/auth/api-key/create (and similarly in the update endpoint). The issue ...

9.3CVSS6.8AI score0.18012EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/09 3:40 p.m.6 views

Missing Authentication for Critical Function

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the api-key plugin's create endpoints. An attacker can gain unauthorized access to any user's account by...

10CVSS7.3AI score0.18012EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/10/09 3:40 p.m.9 views

@better-auth/cli (>=0.0.1 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +21 more potentially affected by CVE-2025-61928 via better-auth (>=0.4.10-beta.10 <=1.3.25)

better-auth NPM version =0.4.10-beta.10, =0.0.1, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =0.0.5, =1.1.368, =1.2.13, =1.2.106 and more Source cves: CVE-2025-61928 Source advisory: OSV:GHSA-99H5-PJCV-GR6V...

9.3CVSS7.5AI score0.18012EPSS
Exploits0
EUVD
EUVD
added 2025/10/09 3:40 p.m.6 views

EUVD-2025-33358

Better Auth: Unauthenticated API key creation through api-key plugin...

6.4AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/10/09 3:40 p.m.7 views

@better-auth/cli (>=1.2.0 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +17 more potentially affected by CVE-2025-61928 via better-auth (>=1.2.0-beta.18 <=1.3.25)

better-auth NPM version =1.2.0-beta.18, =1.2.0, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =1.2.13, =3.7.1, =1.0.12, =1.1.0 and more Source cves: CVE-2025-61928 Source advisory: SNYK:JS-BETTERAUTH-13537497...

9.3CVSS7.5AI score0.18012EPSS
Exploits0
Rows per page
Query Builder