Snyk Security Database

@better-auth/oauth-provider is an An oauth provider plugin for Better Auth

Affected versions of this package are vulnerable to Incorrect Authorization via the createOAuthClientEndpoint endpoint. An attacker can gain unauthorized access to register OAuth clients by bypassing the intended clientPrivileges authorization checks, allowing the creation of clients with attacker-controlled redirect URIs and metadata. This may lead to increased risk of phishing, social engineering, and abuse of trust in OAuth/OIDC flows.

openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation

Affected versions of this package are vulnerable to SQL Injection via the Multi-stage Text2SQL Workflow component when processing the keywords argument. An attacker can execute unauthorized SQL commands by manipulating input remotely.

com.github.junrar:junrar is a rar decompression library in plain java.

Affected versions of this package are vulnerable to Directory Traversal via the createDirectory() and createFile() methods in LocalFolderExtractor module. An attacker can write arbitrary files to sibling directories by crafting a RAR archive with filenames containing directory traversal sequences.