better-auth (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package better-auth, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2025-61928: Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can…
CVE-2026-45364 — CVSS 7.3 (high): Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate…
CVE-2024-56734 — CVSS 6.1 (medium): Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of…
CVE-2025-27143 — CVSS 6.1 (medium): Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an…
CVE-2025-53535: Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware…