CVE-2025-61928
- EPSS 0.21%
- Veröffentlicht 09.10.2025 21:24:37
- Zuletzt bearbeitet 14.10.2025 19:37:28
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create...
CVE-2025-53535
- EPSS 0.08%
- Veröffentlicht 07.07.2025 17:15:52
- Zuletzt bearbeitet 08.07.2025 16:18:34
Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magi...
CVE-2025-27143
- EPSS 0.15%
- Veröffentlicht 24.02.2025 23:15:11
- Zuletzt bearbeitet 28.02.2025 16:07:41
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any o...
CVE-2024-56734
- EPSS 0.16%
- Veröffentlicht 30.12.2024 17:15:10
- Zuletzt bearbeitet 20.10.2025 16:15:38
Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious web...