Lucene search
K

741 matches found

CVE
CVE
added 2025/09/24 7:30 p.m.28 views

CVE-2025-59828

CVE-2025-59828 affects Claude Code prior to version 1.0.39, where using Yarn 2.0+ can auto-execute Yarn plugins during yarn --version, bypassing the directory trust dialog and enabling arbitrary code execution. The issue does not affect Yarn Classic. Fix: upgrade Claude Code to 1.0.39 or later. S...

9.8CVSS6.5AI score0.00341EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/09/24 6:57 p.m.3 views

GHSA-2JJV-QF24-VFM4 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

7.7CVSS7.2AI score0.00341EPSS
Exploits0References6
Snyk
Snyk
added 2025/09/24 6:57 p.m.3 views

Missing Authorization

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Missing Authorization via the...

7.7CVSS7.9AI score0.00341EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/24 6:57 p.m.9 views

Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

When using Claude Code with Yarn installed, Yarn config files can trigger code execution when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins and yarnPath could be executed prior to the user accepting the risks of working in an untruste...

9.8CVSS7.3AI score0.00341EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/24 12:0 a.m.7 views

PT-2025-39338

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...

7.7CVSS6.8AI score0.00341EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/09/24 12:0 a.m.5 views

Claude Code 安全漏洞

Claude Code is an open source proxy coding tool from Anthropic. A security vulnerability exists in versions prior to Claude Code 1.0.39, which stems from the Yarn plugin auto-execution and could lead to bypassing the directory trust dialog...

9.8CVSS6.5AI score0.00341EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:19 p.m.8 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic.

Summary Watsonx BI has a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity...

7.5CVSS6.3AI score0.007EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-12556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the...

5.9CVSS6.9AI score0.01775EPSS
Exploits0References2
OSV
OSV
added 2025/09/05 4:38 p.m.2 views

MAL-2025-46785 Malicious code in yarn-plugin-backstage (npm)

The package yarn-plugin-backstage was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 4:38 p.m.4 views

Malicious code in yarn-plugin-backstage (npm)

The package yarn-plugin-backstage was found to contain malicious code...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-9308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation...

5.5CVSS5.5AI score0.00188EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/08/21 11:23 p.m.6 views

SUSE CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS6.8AI score0.00188EPSS
Exploits1References3
NVD
NVD
added 2025/08/21 4:15 p.m.5 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS0.00188EPSS
Exploits1References4
OSV
OSV
added 2025/08/21 4:15 p.m.3 views

DEBIAN-CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS4.1AI score0.00188EPSS
Exploits1References1
OSV
OSV
added 2025/08/21 4:15 p.m.7 views

UBUNTU-CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS5.4AI score0.00188EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/08/21 4:2 p.m.11 views

CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

4.8CVSS0.00188EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/08/21 4:2 p.m.3 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS7.2AI score0.00188EPSS
Exploits1References4
OSV
OSV
added 2025/08/21 4:2 p.m.6 views

CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

4.8CVSS5.5AI score0.00188EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/08/21 4:2 p.m.2 views

CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

4.8CVSS7.1AI score0.00188EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2025/08/21 4:2 p.m.6 views

06demo-1 (=1.0.0), 1337cli (>=0.0.1 <=0.0.2) +4534 more potentially affected by CVE-2025-9308 via yarn (>=0.15.1 <=2.4.3)

yarn NPM version =0.15.1, =0.0.1, =1.0.9, =0.0.2, =1.17.6-next.0, =1.0.0, =1.0.0, =0.0.3, =1.1.2, =1.1.5 and more Source cves: CVE-2025-9308 Source advisory: SNYK:JS-YARN-12143051...

5.5CVSS5.7AI score0.00188EPSS
Exploits1
Rows per page
Query Builder