Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
The better-auth /api/auth/error page was vulnerable to HTML injection, resulting in a reflected cross-site scripting (XSS) vulnerability.
Advisories for Npm/Better-Auth package
2025
2024
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
An open redirect vulnerability has been identified in the verify email endpoint of Better Auth, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library.