17 matches found

vulnersOsv
added 2026/04/24 4:34 p.m., 5 views

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16301567...

CVSS 8.8, AI score 5.8, EPSS 0.00281
Exploits 0

Snyk
added 2026/04/21 6:51 p.m., 2 views

UNIX Symbolic Link (Symlink) Following

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...

CVSS 10, AI score 6.4, EPSS 0.00518
Exploits 0, References 3

vulnersOsv
added 2026/04/21 6:51 p.m., 8 views

1shot (>=0.0.1 <=0.0.2), @3030-labs/wotw (=0.8.4) +178 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.63)

@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.0.0-main-260517022600, =0.0.0-main-260517043948, =0.2.5, =4.10.0, =2.1.2, =3.0.2 - @chude/memory =4.0.0 and more Source cves: CVE-2026-39861 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16191021...

CVSS 10, AI score 5.4, EPSS 0.00518
Exploits 0

Veracode
added 2026/03/31 11:2 a.m., 3 views

Arbitrary Code Execution.

@anthropic-ai/claude-code is vulnerable to Arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...

CVSS 9.8, AI score 6.2, EPSS 0.00628
Exploits 0, References 2, Affected Software 1

Veracode
added 2026/02/17 10:55 a.m., 6 views

Command Validation Bypass

@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...

CVSS 7.7, AI score 5.6, EPSS 0.00264
Exploits 0, References 2, Affected Software 1

vulnersOsv
added 2026/02/06 7:8 p.m., 5 views

1shot (>=0.0.1 <=0.0.9), @3030-labs/wotw (=0.8.4) +373 more potentially affected by CVE-2026-25724 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 and more Source cves: CVE-2026-25724 Source advisory: OSV:GHSA-4Q92-RFM6-2CQX...

CVSS 7.5, AI score 5.4, EPSS 0.00376
Exploits 0

vulnersOsv
added 2026/02/06 7:2 p.m., 8 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +233 more potentially affected by CVE-2026-25722 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.55)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-25722 Source advisory: OSV:GHSA-66Q4-VFJG-2QHH...

CVSS 9.1, AI score 5.4, EPSS 0.00357
Exploits 0

vulnersOsv
added 2026/02/03 7:33 p.m., 5 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +234 more potentially affected by CVE-2026-24887 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24887 Source advisory: OSV:GHSA-QGQW-H4XQ-7W8W...

CVSS 8.8, AI score 5.4, EPSS 0.00562
Exploits 1

vulnersOsv
added 2026/02/03 7:32 p.m., 7 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +234 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24053 Source advisory: OSV:GHSA-Q728-GF8J-W49R...

CVSS 7.7, AI score 5.4, EPSS 0.00464
Exploits 0

vulnersOsv
added 2025/12/03 4:27 p.m., 5 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +221 more potentially affected by CVE-2025-66032 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.90)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-66032 Source advisory: OSV:GHSA-XQ4M-MC3C-VVG3...

CVSS 9.8, AI score 5.4, EPSS 0.00628
Exploits 0

Veracode
added 2025/11/06 9:18 a.m., 7 views

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

CVSS 9.8, AI score 7.7, EPSS 0.00341
Exploits 0, References 5, Affected Software 1

vulnersOsv
added 2025/09/24 6:57 p.m., 9 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-59828 Source advisory: OSV:GHSA-2JJV-QF24-VFM4...

CVSS 9.8, AI score 5.4, EPSS 0.00341
Exploits 0

vulnersOsv
added 2025/09/24 6:57 p.m., 4 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +208 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-59828 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13109605...

CVSS 9.8, AI score 5.4, EPSS 0.00341
Exploits 0

OSV
added 2025/09/10 5:10 p.m., 6 views

GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...

CVSS 8.7, AI score 7.3, EPSS 0.00512
Exploits 0, References 3

vulnersOsv
added 2025/08/18 6:46 p.m., 7 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-55284 Source advisory: OSV:GHSA-X5GV-JW7F-J6XJ...

CVSS 7.5, AI score 5.8, EPSS 0.00431
Exploits 0

vulnersOsv
added 2025/08/18 6:46 p.m., 7 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +208 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-55284 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-12028699...

CVSS 7.5, AI score 5.8, EPSS 0.00431
Exploits 0

NVD
added 2025/08/05 1:15 a.m., 7 views

CVE-2025-54795

Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...

CVSS 9.8, EPSS 0.00944
Exploits 0, References 1