@anthropic-ai/claude-code
This hub aggregates every CVE we track for @anthropic-ai/claude-code, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 19
- Critical: 10
- High: 6
- In CISA KEV: 0
Severity distribution
- Critical: 10
- High: 6
- Medium: 3
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting @anthropic-ai/claude-code.
- CVE-2026-25725: Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json (10.0)
- CVE-2026-25724: Claude Code Has Permission Deny Bypass Through Symbolic Links (7.5)
- CVE-2026-25723: Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions (6.5)
- CVE-2026-25722: Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection (9.1)
- CVE-2026-24887: Claude Code has a Command Injection in find Command Bypasses User Approval Prompt (8.8)
- CVE-2026-24053: Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes (6.5)
- CVE-2026-24052: Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains (7.4)
- CVE-2026-21852: Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation (7.5)
- CVE-2025-66032: Claude Code Command Validation Bypass Allows Arbitrary Code Execution (9.8)
- CVE-2025-64755: @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes (9.8)
- CVE-2025-65099: Claude Code vulnerable to command execution prior to startup trust dialog (9.8)
- CVE-2025-59829: Claude Code: Permission deny bypass is possible through symlink (6.5)
- CVE-2025-59536: Claude Code's startup trust dialog could lead to Command Execution attack (8.8)
- CVE-2025-59828: Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions (9.8)
- CVE-2025-59041: Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email (9.8)
Product normalization is registry-driven with AI assist and human review.