Skip to content

Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state storage is used without PKCE

Moderate severity GitHub Reviewed Published May 11, 2026 in better-auth/better-auth • Updated May 15, 2026
0 Open 0 Closed
Type
Filter by repository type
All
Public
Private
Internal
Sort
Sort by
Newest
Oldest

No open alerts for this advisory

Give feedback on Dependabot alerts