
453 matches found

OSV
added 2025/10/03 6:34 a.m. | 3 views

CVE-2025-59536 Claude Code's startup trust dialog could lead to Command Execution attack

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires...

CVSS 8.7 | AI score 7.6 | EPSS 0.00043
Exploits: 5 | References: 3

CNNVD
added 2025/10/03 12:0 a.m. | 3 views

Claude Code Security Vulnerability

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in Claude Code versions prior to 1.0.120 that stems from a failure to consider symbolic links when checking permission denial rules, which could lead to bypassing file access restrictions...

CVSS 6.5 | AI score 6.4 | EPSS 0.00064
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/03 12:0 a.m. | 4 views

PT-2025-40539

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...

CVSS 2.3 | AI score 6.6 | EPSS 0.00064
Exploits: 0 | References: 8

CNNVD
added 2025/10/03 12:0 a.m. | 4 views

Claude Code Code Injection Vulnerability

Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.111, which stems from a flaw in the implementation of the startup trust dialog box that could lead to a code injection attack...

CVSS 8.8 | AI score 7.1 | EPSS 0.00043
Exploits: 5 | References: 1

RedhatCVE
added 2025/09/25 7:47 p.m. | 2 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | AI score 6.9 | EPSS 0.00098
Exploits: 0 | References: 1

NVD
added 2025/09/24 8:15 p.m. | 4 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 9.8 | EPSS 0.00098
Exploits: 0 | References: 1

OSV
added 2025/09/24 7:30 p.m. | 2 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | AI score 6.9 | EPSS 0.00098
Exploits: 0 | References: 3

Cvelist
added 2025/09/24 7:30 p.m. | 7 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | EPSS 0.00098
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/24 7:30 p.m. | 3 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | AI score 6.5 | EPSS 0.00098
Exploits: 0 | References: 1

vulnersOsv
added 2025/09/24 6:57 p.m. | 6 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +220 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-59828 Source advisory: OSV:GHSA-2JJV-QF24-VFM4...

CVSS 9.8 | AI score 5.4 | EPSS 0.00098
Exploits: 0

vulnersOsv
added 2025/09/24 6:57 p.m. | 3 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +208 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-59828 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13109605...

CVSS 9.8 | AI score 5.4 | EPSS 0.00098
Exploits: 0

Snyk
added 2025/09/24 6:57 p.m. | 1 views

Missing Authorization

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Missing Authorization via the...

CVSS 7.7 | AI score 7.9 | EPSS 0.00098
Exploits: 0 | References: 3

OSV
added 2025/09/24 6:57 p.m. | 3 views

GHSA-2JJV-QF24-VFM4 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

CVSS 7.7 | AI score 7.2 | EPSS 0.00098
Exploits: 0 | References: 6

Github Security Blog
added 2025/09/24 6:57 p.m. | 7 views

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

CVSS 9.8 | AI score 7.3 | EPSS 0.00098
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2025/09/24 12:0 a.m. | 1 views

Claude Code Security Vulnerability

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in versions prior to Claude Code 1.0.39, which stems from the Yarn plugin auto-execution and could lead to bypassing the directory trust dialog...

CVSS 9.8 | AI score 6.5 | EPSS 0.00098
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/24 12:0 a.m. | 4 views

PT-2025-39338

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...

CVSS 7.7 | AI score 6.8 | EPSS 0.00098
Exploits: 0 | References: 10

RedhatCVE
added 2025/09/12 3:28 p.m. | 3 views

CVE-2025-58764

Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claud...

CVSS 8.7 | AI score 7.3 | EPSS 0.00683
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/12 3:28 p.m. | 3 views

CVE-2025-59041

Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with git config user.email. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. User...

CVSS 8.7 | AI score 8 | EPSS 0.00529
Exploits: 0 | References: 1

vulnersOsv
added 2025/09/10 8:29 p.m. | 4 views

@4via6/relay (>=1.0.0 <=1.1.3), @axonpush/wizard (>=0.0.1 <=0.0.4) +10 more potentially affected by CVE-2025-59041 via @anthropic-ai/claude-code (>=0.2.126 <=0.2.35)

@anthropic-ai/claude-code NPM version =0.2.126, =1.0.0, =0.0.1, =0.0.55, =1.0.0, =0.0.1, =0.0.1, =1.8.0, =1.4.0, =0.0.1, =0.0.1, =0.0.5 Source cves: CVE-2025-59041 Source advisory: OSV:GHSA-J4H9-WV2M-WRF7...

CVSS 9.8 | AI score 5.8 | EPSS 0.00529
Exploits: 0

Snyk
added 2025/09/10 5:10 p.m. | 2 views

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

CVSS 8.8 | AI score 7.8 | EPSS 0.00683
Exploits: 0 | References: 2