Browse all 5 CVE security advisories affecting better-auth. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Better-auth is an authentication and authorization library designed to secure web applications with customizable authentication flows. Historically, it has been susceptible to remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities, primarily due to improper input validation and misconfigurations. The library's security posture has been impacted by five disclosed CVEs, highlighting risks in session management and OAuth implementations. While better-auth offers flexible security features, its complex configuration options have led to misdeployments in production environments. Users must carefully implement security controls to mitigate potential exploitation paths, particularly in multi-tenant deployments where isolation between user contexts is critical.
Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with better-auth. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.