Lucene search
K

741 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Fedora 43 : yarnpkg (2026-a75abb3f2b)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a75abb3f2b advisory. Regenerate vendor tarball. Fixes CVE-2025-13465. Tenable has extracted the preceding description block directly from the Fedora security advisory...

8.2CVSS6AI score0.01535EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/17 7:41 a.m.7 views

Regular Expression Denial Of Service (ReDoS)

Yarn is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...

5.5CVSS4.7AI score0.00188EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/12 12:0 a.m.3 views

Fedora 43 : yarnpkg (2025-de6cf573f0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-de6cf573f0 advisory. Fix CVE-2205-64756. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

7.5CVSS6.5AI score0.03092EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/20 9:36 p.m.6 views

CVE-2025-65099

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

9.8CVSS7.4AI score0.0045EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/19 8:33 p.m.6 views

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via ya...

9.8CVSS7.9AI score0.0045EPSS
Exploits0References2
OSV
OSV
added 2025/11/19 8:33 p.m.7 views

GHSA-5HHX-V7F6-X7GV Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

7.7CVSS7.2AI score0.0045EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/11/19 8:33 p.m.20 views

Claude Code vulnerable to command execution prior to startup trust dialog

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.0045EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/11/19 6:15 p.m.12 views

CVE-2025-65099

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

9.8CVSS0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/11/19 5:35 p.m.6 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS5.9AI score0.0045EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/19 5:35 p.m.5 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS7AI score0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/19 5:35 p.m.19 views

CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog

Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a us...

7.7CVSS0.0045EPSS
Exploits0References1
CVE
CVE
added 2025/11/19 5:35 p.m.33 views

CVE-2025-65099

CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...

9.8CVSS7.1AI score0.0045EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/11/19 12:0 a.m.6 views

Claude Code 代码注入漏洞

Claude Code is an open source proxy coding tool from Anthropic. A code injection vulnerability exists in Claude Code versions prior to 1.0.39, which stems from the possibility of executing project code via the yarn plugin without the user having to accept the startup trust dialog in Yarn 3.0 and...

9.8CVSS7.2AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.5 views

PT-2025-47513

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Prior to version 1.0.39, Claude Code could be tricked into executing code contained in a project through Yarn plugins before the user accepted the startup trust dialog, when running on a machine...

7.7CVSS6.8AI score0.0045EPSS
Exploits0References5
Veracode
Veracode
added 2025/11/06 9:18 a.m.9 views

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

9.8CVSS7.7AI score0.00341EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/10/29 10:51 p.m.4 views

Malicious Package

Overview @gitlab-test/yarn-v4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/10/29 10:51 p.m.3 views

MAL-2025-48968 Malicious code in @gitlab-test/yarn-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f274342e8c6f4a200134b68b571eb1eb5d9f01c5d28f5d445b0da3fff6808ff1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/29 10:51 p.m.4 views

EUVD-2025-36793

Malicious code in @gitlab-test/yarn-v4 npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:51 p.m.6 views

Malicious code in @gitlab-test/yarn-v4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f274342e8c6f4a200134b68b571eb1eb5d9f01c5d28f5d445b0da3fff6808ff1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
Fedora
Fedora
added 2025/10/25 9:15 p.m.7 views

[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-12.fc43

Fast, reliable, and secure dependency management...

8.7CVSS7AI score0.00516EPSS
Exploits0
Rows per page
Query Builder