453 matches found

OSV
added 2025/11/19 8:33 p.m. | 6 views

GHSA-5HHX-V7F6-X7GV Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

CVSS 7.7 | AI score 7.2 | EPSS 0.00141
Exploits: 0 | References: 3
Snyk
added 2025/11/19 8:33 p.m. | 4 views

Arbitrary Code Injection

Overview: @anthropic-ai/claude-code is a tool to use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via ya...

CVSS 9.8 | AI score 7.9 | EPSS 0.00141
Exploits: 0 | References: 2
NVD
added 2025/11/19 6:15 p.m. | 9 views

CVE-2025-65099

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 9.8 | EPSS 0.00141
Exploits: 0 | References: 1
OSV
added 2025/11/19 5:35 p.m. | 4 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | AI score 5.9 | EPSS 0.00141
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/19 5:35 p.m. | 3 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 1
Cvelist
added 2025/11/19 5:35 p.m. | 17 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

CVSS 7.7 | EPSS 0.00141
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/19 12:00 a.m. | 3 views

PT-2025-47513

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 1.0.39. Description: Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...

CVSS 7.7 | AI score 6.8 | EPSS 0.00141
Exploits: 0 | References: 5
CNNVD
added 2025/11/19 12:00 a.m. | 4 views

Claude Code code injection vulnerability

Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.39, which stems from the possibility of executing project code via the yarn plugin without the user having to accept the startup trust dialog in Yarn 3.0 and...

CVSS 9.8 | AI score 7.2 | EPSS 0.00141
Exploits: 0 | References: 1
The Hacker News
added 2025/11/14 9:53 a.m. | 10 views

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degre...

AI score 7.1
Exploits: 0
Trend Micro Simply Security
added 2025/11/14 12:00 a.m. | 3 views

Redefining Enterprise Defense in the Era of AI-Led Cyberattacks

More cybercriminals are turning to using autonomous AI tools to upgrade their attacks, as exemplified by the recent utilization of Anthropic’s Claude Code, prompting an urgent need for enterprises to adopt agentic AI-driven security platforms and proactive defenses to counter AI-related threats...

AI score 7
Exploits: 0
Snyk
added 2025/11/07 3:58 a.m. | 1 views

Malicious Package

Overview: @chatclub/claude-code is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/11/07 3:58 a.m. | 1 views

EUVD-2025-38230

Malicious code in @chatclub/claude-code npm...

AI score 6.6
Exploits: 0 | References: 1
OSV
added 2025/11/07 3:58 a.m. | 1 views

MAL-2025-49379 Malicious code in @chatclub/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6acfccb78a615c7f037fe5dbd1001d9a77ca4015c89c94122ba5dd78978b66b The package @chatclub/claude-code was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 3
Veracode
added 2025/11/06 9:18 a.m. | 6 views

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

CVSS 9.8 | AI score 7.7 | EPSS 0.00098
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2025/10/27 7:29 a.m. | 1 views

EUVD-2025-36128

Malicious code in @chatgptclaudeclub/claude-code npm...

AI score 6.6
Exploits: 0 | References: 1
Snyk
added 2025/10/27 7:29 a.m. | 2 views

Malicious Package

Overview: @chatgptclaudeclub/claude-code is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
NVD
added 2025/10/03 8:15 p.m. | 3 views

CVE-2025-59829

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...

CVSS 6.5 | EPSS 0.00064
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-32229

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00043
Exploits: 5 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-28585

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.3 | EPSS 0.00137
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-31043

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.4 | EPSS 0.00098
Exploits: 0 | References: 6