17 matches found
@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)
@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16301567...
UNIX Symbolic Link (Symlink) Following
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink)...
1shot (>=0.0.1 <=0.0.2), @4via6/relay (=1.2.0) +170 more potentially affected by CVE-2026-39861 via @anthropic-ai/claude-code (>=2.0.0 <=2.1.63)
@anthropic-ai/claude-code NPM version =2.0.0, =0.0.1, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.2.5, =4.10.0, =2.1.2, =0.3.0, =0.3.3, =0.3.0, =0.2.0, =0.3.5 and more Source cves: CVE-2026-39861 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16191021...
Arbitrary Code Execution
@anthropic-ai/claude-code is vulnerable to arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...
Command Validation Bypass
@anthropic-ai/claude-code is vulnerable to command validation bypass. The vulnerability is due to improper validation of piped sed operations with the echo command, which allows an attacker to bypass file write restrictions and write to sensitive directories when the “accept edits” feature is...
1shot (>=0.0.1 <=0.0.9), @4via6/relay (>=1.0.0 <=1.2.0) +363 more potentially affected by CVE-2026-25724 via @anthropic-ai/claude-code (>=0.2.126 <=2.1.63)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.1, =1.0.0, =2.1.0, =0.0.0-dev-20260312143810, =1.5.6, =0.1.18, =1.0.0, =0.4.0, =0.11.0 - @arach/hooked =1.1.1 and more Source cves: CVE-2026-25724 Source advisory: OSV:GHSA-4Q92-RFM6-2CQX...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +231 more potentially affected by CVE-2026-25722 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.55)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-25722 Source advisory: OSV:GHSA-66Q4-VFJG-2QHH...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +232 more potentially affected by CVE-2026-24887 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24887 Source advisory: OSV:GHSA-QGQW-H4XQ-7W8W...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +232 more potentially affected by CVE-2026-24053 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24053 Source advisory: OSV:GHSA-Q728-GF8J-W49R...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +219 more potentially affected by CVE-2025-66032 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.90)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-66032 Source advisory: OSV:GHSA-XQ4M-MC3C-VVG3...
Arbitrary Code Execution
@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +218 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-59828 Source advisory: OSV:GHSA-2JJV-QF24-VFM4...
1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +206 more potentially affected by CVE-2025-59828 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)
@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-59828 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-13109605...
GHSA-QXFV-FCPC-W36X Claude Code rg vulnerability does not protect against approval prompt bypass
Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will...
1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +206 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)
@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-55284 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-12028699...
1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +218 more potentially affected by CVE-2025-55284 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.24)
@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-55284 Source advisory: OSV:GHSA-X5GV-JW7F-J6XJ...
CVE-2025-54795
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code...