Open Redirect
Description

better-auth is vulnerable to open redirect. The vulnerability is due to improper validation of user-supplied URLs in the originCheck middleware, which allows an attacker to redirect users to arbitrary external sites via crafted requests to routes such as /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, and…
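
As an added illustration (not better-auth's code and not its actual fix), this is the kind of strict origin check a redirect parameter needs before it is honored, including the parser edge cases that loose string matching misses. The function name `safeRedirectTarget`, the origins and the sample inputs are all constructed for this example.

```javascript
// Added example: allow-list check for a user-supplied redirect target.
// BASE_URL and TRUSTED_ORIGINS are constructed sample values (assumptions).
const BASE_URL = "https://app.example.com";
const TRUSTED_ORIGINS = new Set([BASE_URL, "https://admin.example.com"]);

// Returns a normalized URL string that is safe to redirect to, or null.
function safeRedirectTarget(input, baseUrl = BASE_URL, trusted = TRUSTED_ORIGINS) {
  if (typeof input !== "string" || input.length === 0) return null;

  // Control characters and backslashes are normalized differently by
  // browsers and servers ("/\host" can be treated as "//host"), so reject them.
  if (/[\u0000-\u001f\u007f\\]/.test(input)) return null;

  let url;
  try {
    // Relative paths resolve against our own origin; absolute and
    // protocol-relative ("//host") inputs keep their own host.
    url = new URL(input, baseUrl);
  } catch {
    return null;
  }

  // Only web schemes are acceptable redirect targets.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;

  // Credentials in the authority ("https://app.example.com@other.test")
  // disguise the real host, so refuse them outright.
  if (url.username !== "" || url.password !== "") return null;

  // Compare the parsed origin exactly; prefix or substring matching on the
  // raw string would accept "https://app.example.com.other.test".
  if (!trusted.has(url.origin)) return null;

  return url.href;
}

// Constructed sample inputs, as a redirect query parameter might carry them.
const samples = [
  "/dashboard?tab=1",
  "https://admin.example.com/users",
  "//other.test/login",
  "/\\other.test/login",
  "https://app.example.com.other.test/",
  "https://app.example.com@other.test/",
  "javascript:void(0)",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s) ?? "rejected, use default");
}
```

When the function returns null, the caller should fall back to a fixed default path rather than echo the supplied value.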
