Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40anthropic-ai/claude-code@1.0.0
Type npm
Namespace @anthropic-ai
Name claude-code
Version 1.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.1.84
Latest_non_vulnerable_version 2.1.84
Affected_by_vulnerabilities
0
url VCID-23v9-9bjh-xucf
vulnerability_id VCID-23v9-9bjh-xucf
summary Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to version 1.0.105, a maliciously configured user email in git could be used to trigger arbitrary code execution before a user accepted the workspace trust dialog. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59041
reference_id
reference_type
scores
0
value 0.00529
scoring_system epss
scoring_elements 0.67733
published_at 2026-06-12T12:55:00Z
1
value 0.00529
scoring_system epss
scoring_elements 0.67743
published_at 2026-06-14T12:55:00Z
2
value 0.00529
scoring_system epss
scoring_elements 0.67643
published_at 2026-06-11T12:55:00Z
3
value 0.00529
scoring_system epss
scoring_elements 0.67745
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59041
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59041
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59041
3
reference_url https://www.npmjs.com/package/@anthropic-ai/claude-code/v/1.0.105
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/@anthropic-ai/claude-code/v/1.0.105
4
reference_url https://github.com/advisories/GHSA-j4h9-wv2m-wrf7
reference_id GHSA-j4h9-wv2m-wrf7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j4h9-wv2m-wrf7
5
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-j4h9-wv2m-wrf7
reference_id GHSA-j4h9-wv2m-wrf7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-15T16:00:32Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-j4h9-wv2m-wrf7
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.105
purl pkg:npm/%40anthropic-ai/claude-code@1.0.105
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-9xnn-xb63-4kcy
2
vulnerability VCID-bq1w-3v69-pbce
3
vulnerability VCID-eknb-tjkn-nucw
4
vulnerability VCID-jngf-93ma-ufh5
5
vulnerability VCID-k12x-zwx4-vbdc
6
vulnerability VCID-m35s-19cy-7fah
7
vulnerability VCID-nnbh-d85s-9fcq
8
vulnerability VCID-q4mz-ep5j-zqd9
9
vulnerability VCID-s93j-6ywj-mkgp
10
vulnerability VCID-tvxd-p441-5fa9
11
vulnerability VCID-vfe2-d3w2-bbdq
12
vulnerability VCID-wz3k-jht3-wqd7
13
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.105
aliases CVE-2025-59041, GHSA-j4h9-wv2m-wrf7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23v9-9bjh-xucf
1
url VCID-58b9-dry7-m3ae
vulnerability_id VCID-58b9-dry7-m3ae
summary
Claude Code Vulnerable to Arbitrary Code Execution Due to Insufficient Startup Warning
When Claude Code was started in a new directory, it displayed a warning asking, "Do you trust the files in this folder?". This warning did not properly document that selecting "Yes, proceed" would allow Claude Code to execute files in the folder without additional confirmation. This may not have been clear to a user, so we have updated the warning to clarify this functionality.

Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.

Thank you to https://hackerone.com/avivdon for reporting this issue!
references
0
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
1
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-ph6w-f82w-28w6
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code/security/advisories/GHSA-ph6w-f82w-28w6
2
reference_url https://github.com/advisories/GHSA-ph6w-f82w-28w6
reference_id GHSA-ph6w-f82w-28w6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ph6w-f82w-28w6
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.87
purl pkg:npm/%40anthropic-ai/claude-code@1.0.87
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-8hkg-9y7u-nuee
2
vulnerability VCID-9xnn-xb63-4kcy
3
vulnerability VCID-aaxm-zy23-jqgk
4
vulnerability VCID-bq1w-3v69-pbce
5
vulnerability VCID-eknb-tjkn-nucw
6
vulnerability VCID-jngf-93ma-ufh5
7
vulnerability VCID-k12x-zwx4-vbdc
8
vulnerability VCID-m35s-19cy-7fah
9
vulnerability VCID-nnbh-d85s-9fcq
10
vulnerability VCID-q4mz-ep5j-zqd9
11
vulnerability VCID-s93j-6ywj-mkgp
12
vulnerability VCID-tvbt-snyh-xybc
13
vulnerability VCID-tvxd-p441-5fa9
14
vulnerability VCID-vfe2-d3w2-bbdq
15
vulnerability VCID-wz3k-jht3-wqd7
16
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.87
aliases GHSA-ph6w-f82w-28w6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58b9-dry7-m3ae
2
url VCID-8hkg-9y7u-nuee
vulnerability_id VCID-8hkg-9y7u-nuee
summary Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.74.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24053
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07374
published_at 2026-06-12T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07364
published_at 2026-06-14T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07367
published_at 2026-06-13T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07331
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24053
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24053
reference_id CVE-2026-24053
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24053
3
reference_url https://github.com/advisories/GHSA-q728-gf8j-w49r
reference_id GHSA-q728-gf8j-w49r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q728-gf8j-w49r
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r
reference_id GHSA-q728-gf8j-w49r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T21:22:17Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.74
purl pkg:npm/%40anthropic-ai/claude-code@2.0.74
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eknb-tjkn-nucw
1
vulnerability VCID-k12x-zwx4-vbdc
2
vulnerability VCID-q4mz-ep5j-zqd9
3
vulnerability VCID-tvxd-p441-5fa9
4
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.74
aliases CVE-2026-24053, GHSA-q728-gf8j-w49r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hkg-9y7u-nuee
3
url VCID-9xnn-xb63-4kcy
vulnerability_id VCID-9xnn-xb63-4kcy
summary Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64755
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29787
published_at 2026-06-12T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29789
published_at 2026-06-14T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29805
published_at 2026-06-13T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.2959
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64755
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64755
reference_id CVE-2025-64755
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64755
3
reference_url https://github.com/advisories/GHSA-7mv8-j34q-vp7q
reference_id GHSA-7mv8-j34q-vp7q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7mv8-j34q-vp7q
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q
reference_id GHSA-7mv8-j34q-vp7q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-11-24T17:16:40Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.31
purl pkg:npm/%40anthropic-ai/claude-code@2.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-bq1w-3v69-pbce
2
vulnerability VCID-eknb-tjkn-nucw
3
vulnerability VCID-jngf-93ma-ufh5
4
vulnerability VCID-k12x-zwx4-vbdc
5
vulnerability VCID-m35s-19cy-7fah
6
vulnerability VCID-q4mz-ep5j-zqd9
7
vulnerability VCID-s93j-6ywj-mkgp
8
vulnerability VCID-tvxd-p441-5fa9
9
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.31
aliases CVE-2025-64755, GHSA-7mv8-j34q-vp7q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9xnn-xb63-4kcy
4
url VCID-aaxm-zy23-jqgk
vulnerability_id VCID-aaxm-zy23-jqgk
summary Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66032
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.12213
published_at 2026-06-12T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12193
published_at 2026-06-14T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.12215
published_at 2026-06-13T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.1212
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66032
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66032
reference_id CVE-2025-66032
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66032
3
reference_url https://github.com/advisories/GHSA-xq4m-mc3c-vvg3
reference_id GHSA-xq4m-mc3c-vvg3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq4m-mc3c-vvg3
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3
reference_id GHSA-xq4m-mc3c-vvg3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-12-03T19:11:23Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.93
purl pkg:npm/%40anthropic-ai/claude-code@1.0.93
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-8hkg-9y7u-nuee
2
vulnerability VCID-9xnn-xb63-4kcy
3
vulnerability VCID-bq1w-3v69-pbce
4
vulnerability VCID-eknb-tjkn-nucw
5
vulnerability VCID-jngf-93ma-ufh5
6
vulnerability VCID-k12x-zwx4-vbdc
7
vulnerability VCID-m35s-19cy-7fah
8
vulnerability VCID-nnbh-d85s-9fcq
9
vulnerability VCID-q4mz-ep5j-zqd9
10
vulnerability VCID-s93j-6ywj-mkgp
11
vulnerability VCID-tvbt-snyh-xybc
12
vulnerability VCID-tvxd-p441-5fa9
13
vulnerability VCID-vfe2-d3w2-bbdq
14
vulnerability VCID-wz3k-jht3-wqd7
15
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.93
aliases CVE-2025-66032, GHSA-xq4m-mc3c-vvg3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aaxm-zy23-jqgk
5
url VCID-bq1w-3v69-pbce
vulnerability_id VCID-bq1w-3v69-pbce
summary Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.55.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25723
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.31173
published_at 2026-06-12T12:55:00Z
1
value 0.00123
scoring_system epss
scoring_elements 0.31171
published_at 2026-06-14T12:55:00Z
2
value 0.00123
scoring_system epss
scoring_elements 0.31188
published_at 2026-06-13T12:55:00Z
3
value 0.00123
scoring_system epss
scoring_elements 0.30977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25723
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25723
reference_id CVE-2026-25723
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25723
3
reference_url https://github.com/advisories/GHSA-mhg7-666j-cqg4
reference_id GHSA-mhg7-666j-cqg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhg7-666j-cqg4
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4
reference_id GHSA-mhg7-666j-cqg4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T18:40:45Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.55
purl pkg:npm/%40anthropic-ai/claude-code@2.0.55
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-eknb-tjkn-nucw
2
vulnerability VCID-jngf-93ma-ufh5
3
vulnerability VCID-k12x-zwx4-vbdc
4
vulnerability VCID-m35s-19cy-7fah
5
vulnerability VCID-q4mz-ep5j-zqd9
6
vulnerability VCID-s93j-6ywj-mkgp
7
vulnerability VCID-tvxd-p441-5fa9
8
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.55
aliases CVE-2026-25723, GHSA-mhg7-666j-cqg4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1w-3v69-pbce
6
url VCID-d31d-gehk-27a7
vulnerability_id VCID-d31d-gehk-27a7
summary Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For JetBrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation would allow an attacker to read arbitrary files, see the list of files open in the IDE, get selection and diagnostics events from the IDE, or execute code in limited situations where a user has an open Jupyter Notebook and accepts a malicious prompt. In JetBrains IDEs, an attacker could get selection events, a list of open files, and a list of syntax errors. Claude released a patch for this issue on June 13th, 2025. Although Claude Code auto-updates when a user launches it and auto-updates the extensions, users should take the following steps, though the exact steps depend on one's integrated development environment (IDE). For VSCode, Cursor, Windsurf, VSCodium, and other VSCode forks, check the extension Claude Code for VSCode. Open the list of Extensions (View->Extensions), look for Claude Code for VSCode among installed extensions, update or uninstall any version prior to 1.0.24, and restart the IDE. For JetBrains IDEs including IntelliJ, PyCharm, and Android Studio, check the plugin Claude Code [Beta]. Open the Plugins list, look for Claude Code [Beta] among installed extensions, update or uninstall any version prior to 0.1.9, and restart the IDE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52882
reference_id
reference_type
scores
0
value 0.00263
scoring_system epss
scoring_elements 0.50135
published_at 2026-06-12T12:55:00Z
1
value 0.00263
scoring_system epss
scoring_elements 0.50001
published_at 2026-06-11T12:55:00Z
2
value 0.00496
scoring_system epss
scoring_elements 0.66356
published_at 2026-06-14T12:55:00Z
3
value 0.00496
scoring_system epss
scoring_elements 0.66358
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52882
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52882
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52882
3
reference_url https://github.com/advisories/GHSA-9f65-56v6-gxw7
reference_id GHSA-9f65-56v6-gxw7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f65-56v6-gxw7
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-9f65-56v6-gxw7
reference_id GHSA-9f65-56v6-gxw7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-24T20:43:30Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-9f65-56v6-gxw7
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.24
purl pkg:npm/%40anthropic-ai/claude-code@1.0.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-58b9-dry7-m3ae
2
vulnerability VCID-8hkg-9y7u-nuee
3
vulnerability VCID-9xnn-xb63-4kcy
4
vulnerability VCID-aaxm-zy23-jqgk
5
vulnerability VCID-bq1w-3v69-pbce
6
vulnerability VCID-eknb-tjkn-nucw
7
vulnerability VCID-gcgy-28jg-6qcz
8
vulnerability VCID-jngf-93ma-ufh5
9
vulnerability VCID-k12x-zwx4-vbdc
10
vulnerability VCID-k1dd-n7pn-x3ar
11
vulnerability VCID-m35s-19cy-7fah
12
vulnerability VCID-nnbh-d85s-9fcq
13
vulnerability VCID-q4mz-ep5j-zqd9
14
vulnerability VCID-s93j-6ywj-mkgp
15
vulnerability VCID-tvbt-snyh-xybc
16
vulnerability VCID-tvxd-p441-5fa9
17
vulnerability VCID-vfe2-d3w2-bbdq
18
vulnerability VCID-wz3k-jht3-wqd7
19
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.24
aliases CVE-2025-52882, GHSA-9f65-56v6-gxw7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d31d-gehk-27a7
7
url VCID-eknb-tjkn-nucw
vulnerability_id VCID-eknb-tjkn-nucw
summary Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination could write to arbitrary locations, potentially leading to code execution outside the sandbox. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window to trigger sandboxed code execution via prompt injection. Users on standard Claude Code auto-update have received this fix automatically. Users performing manual updates are advised to update to version 2.1.64 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39861
reference_id
reference_type
scores
0
value 0.00168
scoring_system epss
scoring_elements 0.37939
published_at 2026-06-13T12:55:00Z
1
value 0.00168
scoring_system epss
scoring_elements 0.37927
published_at 2026-06-14T12:55:00Z
2
value 0.00168
scoring_system epss
scoring_elements 0.37736
published_at 2026-06-11T12:55:00Z
3
value 0.00168
scoring_system epss
scoring_elements 0.37913
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39861
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39861
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39861
3
reference_url https://github.com/advisories/GHSA-vp62-r36r-9xqp
reference_id GHSA-vp62-r36r-9xqp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp62-r36r-9xqp
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-vp62-r36r-9xqp
reference_id GHSA-vp62-r36r-9xqp
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T13:44:29Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-vp62-r36r-9xqp
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.64
purl pkg:npm/%40anthropic-ai/claude-code@2.1.64
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9f-gms1-5qbb
1
vulnerability VCID-k12x-zwx4-vbdc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.64
aliases CVE-2026-39861, GHSA-vp62-r36r-9xqp
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eknb-tjkn-nucw
8
url VCID-gcgy-28jg-6qcz
vulnerability_id VCID-gcgy-28jg-6qcz
summary Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65099
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.3415
published_at 2026-06-12T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34152
published_at 2026-06-14T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.34174
published_at 2026-06-13T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.33974
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65099
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65099
reference_id CVE-2025-65099
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65099
3
reference_url https://github.com/advisories/GHSA-5hhx-v7f6-x7gv
reference_id GHSA-5hhx-v7f6-x7gv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hhx-v7f6-x7gv
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv
reference_id GHSA-5hhx-v7f6-x7gv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-20T14:20:38Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.39
purl pkg:npm/%40anthropic-ai/claude-code@1.0.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-58b9-dry7-m3ae
2
vulnerability VCID-8hkg-9y7u-nuee
3
vulnerability VCID-9xnn-xb63-4kcy
4
vulnerability VCID-aaxm-zy23-jqgk
5
vulnerability VCID-bq1w-3v69-pbce
6
vulnerability VCID-eknb-tjkn-nucw
7
vulnerability VCID-jngf-93ma-ufh5
8
vulnerability VCID-k12x-zwx4-vbdc
9
vulnerability VCID-m35s-19cy-7fah
10
vulnerability VCID-nnbh-d85s-9fcq
11
vulnerability VCID-q4mz-ep5j-zqd9
12
vulnerability VCID-s93j-6ywj-mkgp
13
vulnerability VCID-tvbt-snyh-xybc
14
vulnerability VCID-tvxd-p441-5fa9
15
vulnerability VCID-vfe2-d3w2-bbdq
16
vulnerability VCID-wz3k-jht3-wqd7
17
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.39
aliases CVE-2025-65099, GHSA-5hhx-v7f6-x7gv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gcgy-28jg-6qcz
9
url VCID-jngf-93ma-ufh5
vulnerability_id VCID-jngf-93ma-ufh5
summary Claude Code is an agentic coding tool. Prior to version 2.0.65, a vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint, and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21852
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.1031
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10293
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10261
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10315
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21852
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21852
reference_id CVE-2026-21852
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21852
3
reference_url https://github.com/advisories/GHSA-jh7p-qr78-84p7
reference_id GHSA-jh7p-qr78-84p7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh7p-qr78-84p7
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-jh7p-qr78-84p7
reference_id GHSA-jh7p-qr78-84p7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T21:34:19Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-jh7p-qr78-84p7
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.65
purl pkg:npm/%40anthropic-ai/claude-code@2.0.65
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-eknb-tjkn-nucw
2
vulnerability VCID-k12x-zwx4-vbdc
3
vulnerability VCID-m35s-19cy-7fah
4
vulnerability VCID-q4mz-ep5j-zqd9
5
vulnerability VCID-tvxd-p441-5fa9
6
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.65
aliases CVE-2026-21852, GHSA-jh7p-qr78-84p7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jngf-93ma-ufh5
10
url VCID-k12x-zwx4-vbdc
vulnerability_id VCID-k12x-zwx4-vbdc
summary Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching Claude Code on the same machine. Exploiting this would have required a shared multi-user Windows system and a victim user to launch Claude Code after the malicious configuration was placed. This issue has been fixed in version 2.1.75.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35603
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01959
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01946
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0195
published_at 2026-06-13T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01949
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35603
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-35603
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-35603
3
reference_url https://github.com/advisories/GHSA-5cwg-9f6j-9jvx
reference_id GHSA-5cwg-9f6j-9jvx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cwg-9f6j-9jvx
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx
reference_id GHSA-5cwg-9f6j-9jvx
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-20T14:52:20Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-5cwg-9f6j-9jvx
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.75
purl pkg:npm/%40anthropic-ai/claude-code@2.1.75
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2f9f-gms1-5qbb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.75
aliases CVE-2026-35603, GHSA-5cwg-9f6j-9jvx
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k12x-zwx4-vbdc
11
url VCID-k1dd-n7pn-x3ar
vulnerability_id VCID-k1dd-n7pn-x3ar
summary Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. This issue has been fixed in version 1.0.39. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59828
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.2716
published_at 2026-06-12T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27163
published_at 2026-06-14T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.26957
published_at 2026-06-11T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27178
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59828
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://www.cve.org/CVERecord?id=CVE-2025-59828
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cve.org/CVERecord?id=CVE-2025-59828
3
reference_url https://yarnpkg.com/advanced/plugin-tutorial
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://yarnpkg.com/advanced/plugin-tutorial
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59828
reference_id CVE-2025-59828
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59828
5
reference_url https://github.com/advisories/GHSA-2jjv-qf24-vfm4
reference_id GHSA-2jjv-qf24-vfm4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2jjv-qf24-vfm4
6
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4
reference_id GHSA-2jjv-qf24-vfm4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T19:48:56Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-2jjv-qf24-vfm4
7
reference_url https://osv.dev/vulnerability/GHSA-2jjv-qf24-vfm4
reference_id GHSA-2jjv-qf24-vfm4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://osv.dev/vulnerability/GHSA-2jjv-qf24-vfm4
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.39
purl pkg:npm/%40anthropic-ai/claude-code@1.0.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-58b9-dry7-m3ae
2
vulnerability VCID-8hkg-9y7u-nuee
3
vulnerability VCID-9xnn-xb63-4kcy
4
vulnerability VCID-aaxm-zy23-jqgk
5
vulnerability VCID-bq1w-3v69-pbce
6
vulnerability VCID-eknb-tjkn-nucw
7
vulnerability VCID-jngf-93ma-ufh5
8
vulnerability VCID-k12x-zwx4-vbdc
9
vulnerability VCID-m35s-19cy-7fah
10
vulnerability VCID-nnbh-d85s-9fcq
11
vulnerability VCID-q4mz-ep5j-zqd9
12
vulnerability VCID-s93j-6ywj-mkgp
13
vulnerability VCID-tvbt-snyh-xybc
14
vulnerability VCID-tvxd-p441-5fa9
15
vulnerability VCID-vfe2-d3w2-bbdq
16
vulnerability VCID-wz3k-jht3-wqd7
17
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.39
aliases CVE-2025-59828, GHSA-2jjv-qf24-vfm4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1dd-n7pn-x3ar
12
url VCID-kfbk-chhn-syeu
vulnerability_id VCID-kfbk-chhn-syeu
summary Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update received this fix automatically after release. Current users of Claude Code are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55284
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.33402
published_at 2026-06-11T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61608
published_at 2026-06-14T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61604
published_at 2026-06-12T12:55:00Z
3
value 0.00406
scoring_system epss
scoring_elements 0.61612
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55284
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55284
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55284
3
reference_url https://github.com/advisories/GHSA-x5gv-jw7f-j6xj
reference_id GHSA-x5gv-jw7f-j6xj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x5gv-jw7f-j6xj
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-x5gv-jw7f-j6xj
reference_id GHSA-x5gv-jw7f-j6xj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T14:00:34Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-x5gv-jw7f-j6xj
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.4
purl pkg:npm/%40anthropic-ai/claude-code@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-58b9-dry7-m3ae
2
vulnerability VCID-8hkg-9y7u-nuee
3
vulnerability VCID-9xnn-xb63-4kcy
4
vulnerability VCID-aaxm-zy23-jqgk
5
vulnerability VCID-bq1w-3v69-pbce
6
vulnerability VCID-d31d-gehk-27a7
7
vulnerability VCID-eknb-tjkn-nucw
8
vulnerability VCID-gcgy-28jg-6qcz
9
vulnerability VCID-jngf-93ma-ufh5
10
vulnerability VCID-k12x-zwx4-vbdc
11
vulnerability VCID-k1dd-n7pn-x3ar
12
vulnerability VCID-m35s-19cy-7fah
13
vulnerability VCID-nnbh-d85s-9fcq
14
vulnerability VCID-q4mz-ep5j-zqd9
15
vulnerability VCID-s93j-6ywj-mkgp
16
vulnerability VCID-tvbt-snyh-xybc
17
vulnerability VCID-tvxd-p441-5fa9
18
vulnerability VCID-vfe2-d3w2-bbdq
19
vulnerability VCID-vge5-5hw7-x7ac
20
vulnerability VCID-wz3k-jht3-wqd7
21
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.4
aliases CVE-2025-55284, GHSA-x5gv-jw7f-j6xj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfbk-chhn-syeu
13
url VCID-m35s-19cy-7fah
vulnerability_id VCID-m35s-19cy-7fah
summary Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.72.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24887
reference_id
reference_type
scores
0
value 0.00068
scoring_system epss
scoring_elements 0.2122
published_at 2026-06-12T12:55:00Z
1
value 0.00068
scoring_system epss
scoring_elements 0.21212
published_at 2026-06-14T12:55:00Z
2
value 0.00068
scoring_system epss
scoring_elements 0.21234
published_at 2026-06-13T12:55:00Z
3
value 0.00068
scoring_system epss
scoring_elements 0.21039
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24887
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24887
reference_id CVE-2026-24887
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24887
3
reference_url https://github.com/advisories/GHSA-qgqw-h4xq-7w8w
reference_id GHSA-qgqw-h4xq-7w8w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qgqw-h4xq-7w8w
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w
reference_id GHSA-qgqw-h4xq-7w8w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T21:19:31Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.72
purl pkg:npm/%40anthropic-ai/claude-code@2.0.72
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-eknb-tjkn-nucw
2
vulnerability VCID-k12x-zwx4-vbdc
3
vulnerability VCID-q4mz-ep5j-zqd9
4
vulnerability VCID-tvxd-p441-5fa9
5
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.72
aliases CVE-2026-24887, GHSA-qgqw-h4xq-7w8w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m35s-19cy-7fah
14
url VCID-nnbh-d85s-9fcq
vulnerability_id VCID-nnbh-d85s-9fcq
summary Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.120.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59829
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20176
published_at 2026-06-12T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20172
published_at 2026-06-14T12:55:00Z
2
value 0.00064
scoring_system epss
scoring_elements 0.20003
published_at 2026-06-11T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20197
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59829
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59829
reference_id CVE-2025-59829
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59829
3
reference_url https://github.com/advisories/GHSA-66m2-gx93-v996
reference_id GHSA-66m2-gx93-v996
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66m2-gx93-v996
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-66m2-gx93-v996
reference_id GHSA-66m2-gx93-v996
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-03T20:24:19Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-66m2-gx93-v996
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.120
purl pkg:npm/%40anthropic-ai/claude-code@1.0.120
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-9xnn-xb63-4kcy
2
vulnerability VCID-bq1w-3v69-pbce
3
vulnerability VCID-eknb-tjkn-nucw
4
vulnerability VCID-jngf-93ma-ufh5
5
vulnerability VCID-k12x-zwx4-vbdc
6
vulnerability VCID-m35s-19cy-7fah
7
vulnerability VCID-q4mz-ep5j-zqd9
8
vulnerability VCID-s93j-6ywj-mkgp
9
vulnerability VCID-tvxd-p441-5fa9
10
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.120
aliases CVE-2025-59829, GHSA-66m2-gx93-v996
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nnbh-d85s-9fcq
15
url VCID-q4mz-ep5j-zqd9
vulnerability_id VCID-q4mz-ep5j-zqd9
summary Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks (such as SessionStart commands) that would execute with host privileges when Claude Code was restarted. This issue has been patched in version 2.1.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25725
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.08011
published_at 2026-06-12T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.08003
published_at 2026-06-14T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.08006
published_at 2026-06-13T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07977
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25725
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25725
reference_id CVE-2026-25725
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25725
3
reference_url https://github.com/advisories/GHSA-ff64-7w26-62rf
reference_id GHSA-ff64-7w26-62rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ff64-7w26-62rf
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf
reference_id GHSA-ff64-7w26-62rf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:04:47Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.2
purl pkg:npm/%40anthropic-ai/claude-code@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eknb-tjkn-nucw
1
vulnerability VCID-k12x-zwx4-vbdc
2
vulnerability VCID-tvxd-p441-5fa9
3
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.2
aliases CVE-2026-25725, GHSA-ff64-7w26-62rf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4mz-ep5j-zqd9
16
url VCID-s93j-6ywj-mkgp
vulnerability_id VCID-s93j-6ywj-mkgp
summary Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2.0.57.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25722
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47997
published_at 2026-06-13T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47982
published_at 2026-06-14T12:55:00Z
2
value 0.00243
scoring_system epss
scoring_elements 0.47841
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25722
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25722
reference_id CVE-2026-25722
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25722
3
reference_url https://github.com/advisories/GHSA-66q4-vfjg-2qhh
reference_id GHSA-66q4-vfjg-2qhh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66q4-vfjg-2qhh
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh
reference_id GHSA-66q4-vfjg-2qhh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T18:41:50Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.0.57
purl pkg:npm/%40anthropic-ai/claude-code@2.0.57
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-eknb-tjkn-nucw
2
vulnerability VCID-jngf-93ma-ufh5
3
vulnerability VCID-k12x-zwx4-vbdc
4
vulnerability VCID-m35s-19cy-7fah
5
vulnerability VCID-q4mz-ep5j-zqd9
6
vulnerability VCID-tvxd-p441-5fa9
7
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.0.57
aliases CVE-2026-25722, GHSA-66q4-vfjg-2qhh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s93j-6ywj-mkgp
17
url VCID-tvbt-snyh-xybc
vulnerability_id VCID-tvbt-snyh-xybc
summary Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to version 1.0.105 or the latest version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58764
reference_id
reference_type
scores
0
value 0.00683
scoring_system epss
scoring_elements 0.7221
published_at 2026-06-12T12:55:00Z
1
value 0.00683
scoring_system epss
scoring_elements 0.72217
published_at 2026-06-14T12:55:00Z
2
value 0.00683
scoring_system epss
scoring_elements 0.72126
published_at 2026-06-11T12:55:00Z
3
value 0.00683
scoring_system epss
scoring_elements 0.72222
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58764
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58764
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58764
3
reference_url https://github.com/advisories/GHSA-qxfv-fcpc-w36x
reference_id GHSA-qxfv-fcpc-w36x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxfv-fcpc-w36x
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-qxfv-fcpc-w36x
reference_id GHSA-qxfv-fcpc-w36x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-09-11T14:27:25Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-qxfv-fcpc-w36x
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.105
purl pkg:npm/%40anthropic-ai/claude-code@1.0.105
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-9xnn-xb63-4kcy
2
vulnerability VCID-bq1w-3v69-pbce
3
vulnerability VCID-eknb-tjkn-nucw
4
vulnerability VCID-jngf-93ma-ufh5
5
vulnerability VCID-k12x-zwx4-vbdc
6
vulnerability VCID-m35s-19cy-7fah
7
vulnerability VCID-nnbh-d85s-9fcq
8
vulnerability VCID-q4mz-ep5j-zqd9
9
vulnerability VCID-s93j-6ywj-mkgp
10
vulnerability VCID-tvxd-p441-5fa9
11
vulnerability VCID-vfe2-d3w2-bbdq
12
vulnerability VCID-wz3k-jht3-wqd7
13
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.105
aliases CVE-2025-58764, GHSA-qxfv-fcpc-w36x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvbt-snyh-xybc
18
url VCID-tvxd-p441-5fa9
vulnerability_id VCID-tvxd-p441-5fa9
summary Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed .claude/settings.json, causing the trust dialog to be silently skipped on first open. This allowed a user to be placed into a permissive mode without seeing the trust confirmation prompt, making it easier for an attacker-controlled repository to gain tool execution without explicit user consent. This issue has been patched in version 2.1.53.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33068
reference_id
reference_type
scores
0
value 0.00235
scoring_system epss
scoring_elements 0.46816
published_at 2026-06-12T12:55:00Z
1
value 0.00235
scoring_system epss
scoring_elements 0.46812
published_at 2026-06-14T12:55:00Z
2
value 0.00235
scoring_system epss
scoring_elements 0.46672
published_at 2026-06-11T12:55:00Z
3
value 0.00235
scoring_system epss
scoring_elements 0.4683
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33068
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33068
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33068
3
reference_url https://github.com/advisories/GHSA-mmgp-wc2j-qcv7
reference_id GHSA-mmgp-wc2j-qcv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmgp-wc2j-qcv7
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-mmgp-wc2j-qcv7
reference_id GHSA-mmgp-wc2j-qcv7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-20T13:48:28Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-mmgp-wc2j-qcv7
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.53
purl pkg:npm/%40anthropic-ai/claude-code@2.1.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eknb-tjkn-nucw
1
vulnerability VCID-k12x-zwx4-vbdc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.53
aliases CVE-2026-33068, GHSA-mmgp-wc2j-qcv7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvxd-p441-5fa9
19
url VCID-vfe2-d3w2-bbdq
vulnerability_id VCID-vfe2-d3w2-bbdq
summary Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked into executing code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59536
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13722
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13697
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13605
published_at 2026-06-11T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13723
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59536
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59536
reference_id CVE-2025-59536
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59536
3
reference_url https://github.com/advisories/GHSA-4fgq-fpq9-mr3g
reference_id GHSA-4fgq-fpq9-mr3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fgq-fpq9-mr3g
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-4fgq-fpq9-mr3g
reference_id GHSA-4fgq-fpq9-mr3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-03T13:26:09Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-4fgq-fpq9-mr3g
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.111
purl pkg:npm/%40anthropic-ai/claude-code@1.0.111
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-9xnn-xb63-4kcy
2
vulnerability VCID-bq1w-3v69-pbce
3
vulnerability VCID-eknb-tjkn-nucw
4
vulnerability VCID-jngf-93ma-ufh5
5
vulnerability VCID-k12x-zwx4-vbdc
6
vulnerability VCID-m35s-19cy-7fah
7
vulnerability VCID-nnbh-d85s-9fcq
8
vulnerability VCID-q4mz-ep5j-zqd9
9
vulnerability VCID-s93j-6ywj-mkgp
10
vulnerability VCID-tvxd-p441-5fa9
11
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.111
aliases CVE-2025-59536, GHSA-4fgq-fpq9-mr3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfe2-d3w2-bbdq
20
url VCID-vge5-5hw7-x7ac
vulnerability_id VCID-vge5-5hw7-x7ac
summary Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54795
reference_id
reference_type
scores
0
value 0.00541
scoring_system epss
scoring_elements 0.68213
published_at 2026-06-12T12:55:00Z
1
value 0.00541
scoring_system epss
scoring_elements 0.68223
published_at 2026-06-14T12:55:00Z
2
value 0.00541
scoring_system epss
scoring_elements 0.68124
published_at 2026-06-11T12:55:00Z
3
value 0.00541
scoring_system epss
scoring_elements 0.68225
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54795
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54795
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54795
3
reference_url https://github.com/advisories/GHSA-x56v-x2h6-7j34
reference_id GHSA-x56v-x2h6-7j34
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x56v-x2h6-7j34
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34
reference_id GHSA-x56v-x2h6-7j34
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-05T14:21:40Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-x56v-x2h6-7j34
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.20
purl pkg:npm/%40anthropic-ai/claude-code@1.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-23v9-9bjh-xucf
1
vulnerability VCID-58b9-dry7-m3ae
2
vulnerability VCID-8hkg-9y7u-nuee
3
vulnerability VCID-9xnn-xb63-4kcy
4
vulnerability VCID-aaxm-zy23-jqgk
5
vulnerability VCID-bq1w-3v69-pbce
6
vulnerability VCID-d31d-gehk-27a7
7
vulnerability VCID-eknb-tjkn-nucw
8
vulnerability VCID-gcgy-28jg-6qcz
9
vulnerability VCID-jngf-93ma-ufh5
10
vulnerability VCID-k12x-zwx4-vbdc
11
vulnerability VCID-k1dd-n7pn-x3ar
12
vulnerability VCID-m35s-19cy-7fah
13
vulnerability VCID-nnbh-d85s-9fcq
14
vulnerability VCID-q4mz-ep5j-zqd9
15
vulnerability VCID-s93j-6ywj-mkgp
16
vulnerability VCID-tvbt-snyh-xybc
17
vulnerability VCID-tvxd-p441-5fa9
18
vulnerability VCID-vfe2-d3w2-bbdq
19
vulnerability VCID-wz3k-jht3-wqd7
20
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.20
aliases CVE-2025-54795, GHSA-x56v-x2h6-7j34
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vge5-5hw7-x7ac
21
url VCID-wz3k-jht3-wqd7
vulnerability_id VCID-wz3k-jht3-wqd7
summary Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains (e.g., docs.python.org, modelcontextprotocol.io); this could have enabled attackers to register domains like modelcontextprotocol.io.example.com that would pass validation. This could enable automatic requests to attacker-controlled domains without user consent, potentially leading to data exfiltration. This issue has been patched in version 1.0.111.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24052
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04889
published_at 2026-06-12T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04863
published_at 2026-06-14T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04884
published_at 2026-06-11T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04874
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24052
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24052
reference_id CVE-2026-24052
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24052
3
reference_url https://github.com/advisories/GHSA-vhw5-3g5m-8ggf
reference_id GHSA-vhw5-3g5m-8ggf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhw5-3g5m-8ggf
4
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf
reference_id GHSA-vhw5-3g5m-8ggf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-04T20:00:03Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@1.0.111
purl pkg:npm/%40anthropic-ai/claude-code@1.0.111
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8hkg-9y7u-nuee
1
vulnerability VCID-9xnn-xb63-4kcy
2
vulnerability VCID-bq1w-3v69-pbce
3
vulnerability VCID-eknb-tjkn-nucw
4
vulnerability VCID-jngf-93ma-ufh5
5
vulnerability VCID-k12x-zwx4-vbdc
6
vulnerability VCID-m35s-19cy-7fah
7
vulnerability VCID-nnbh-d85s-9fcq
8
vulnerability VCID-q4mz-ep5j-zqd9
9
vulnerability VCID-s93j-6ywj-mkgp
10
vulnerability VCID-tvxd-p441-5fa9
11
vulnerability VCID-zvre-m7v3-qygz
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.111
aliases CVE-2026-24052, GHSA-vhw5-3g5m-8ggf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz3k-jht3-wqd7
22
url VCID-zvre-m7v3-qygz
vulnerability_id VCID-zvre-m7v3-qygz
summary Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25724
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19461
published_at 2026-06-13T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19437
published_at 2026-06-14T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19441
published_at 2026-06-12T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19271
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25724
1
reference_url https://github.com/anthropics/claude-code
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/anthropics/claude-code
2
reference_url https://www.terra.security/blog/when-ai-becomes-the-attack-surface-lessons-from-discovering-cve-2026-25724
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.terra.security/blog/when-ai-becomes-the-attack-surface-lessons-from-discovering-cve-2026-25724
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25724
reference_id CVE-2026-25724
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25724
4
reference_url https://github.com/advisories/GHSA-4q92-rfm6-2cqx
reference_id GHSA-4q92-rfm6-2cqx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4q92-rfm6-2cqx
5
reference_url https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx
reference_id GHSA-4q92-rfm6-2cqx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T19:23:19Z/
url https://github.com/anthropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx
fixed_packages
0
url pkg:npm/%40anthropic-ai/claude-code@2.1.7
purl pkg:npm/%40anthropic-ai/claude-code@2.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eknb-tjkn-nucw
1
vulnerability VCID-k12x-zwx4-vbdc
2
vulnerability VCID-tvxd-p441-5fa9
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@2.1.7
aliases CVE-2026-25724, GHSA-4q92-rfm6-2cqx
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvre-m7v3-qygz
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540anthropic-ai/claude-code@1.0.0