pkg:npm/@anthropic-ai/claude-code

24 total CVEs (CRITICAL: 1, HIGH: 1)

All known vulnerabilities

  • CRITICAL 10.0 CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
    from 0, < 2.1.64
  • HIGH 7.3 CVE-2026-35603 Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
    from 0, < 2.1.75
  • CVE-2026-40068 Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
    >= 2.1.63, < 2.1.84
  • CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File
    from 0, < 2.1.53
  • CVE-2026-25725 Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
    from 0, < 2.1.2
  • CVE-2026-25724 Claude Code has Permission Deny Bypass Through Symbolic Links
    from 0, < 2.1.7
  • CVE-2026-25723 Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions
    from 0, < 2.0.55
  • CVE-2026-25722 Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
    from 0, < 2.0.57
  • CVE-2026-24887 Claude Code has a Command Injection in find Command Bypasses User Approval Prompt
    from 0, < 2.0.72
  • CVE-2026-24053 Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
    from 0, < 2.0.74
  • CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains
    from 0, < 1.0.111
  • CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
    from 0, < 2.0.65
  • CVE-2025-66032 Claude Code Command Validation Bypass Allows Arbitrary Code Execution
    from 0, < 1.0.93
  • CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
    from 0, < 2.0.31
  • CVE-2025-65099 Claude Code vulnerable to command execution prior to startup trust dialog
    from 0, < 1.0.39
  • CVE-2025-59829 Claude Code permission deny bypass through symlink
    from 0, < 1.0.120
  • CVE-2025-59536 Claude Code can execute commands prior to the startup trust dialog
    from 0, < 1.0.111
  • CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
    from 0, < 1.0.39
  • CVE-2025-59041 Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email
    from 0, < 1.0.105
  • CVE-2025-58764 Claude Code rg vulnerability does not protect against approval prompt bypass
    from 0, < 1.0.105
  • CVE-2025-55284 Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code
    from 0, < 1.0.4
  • CVE-2025-54795 Claude Code echo command allowed bypass of user approval prompt for command execution
    from 0, < 1.0.20
  • CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
    from 0, < 0.2.111
  • CVE-2025-52882 Claude Code Improper Authorization via websocket connections from arbitrary origins
    >= 0.2.116, < 1.0.24