@anthropic-ai/claude-code (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @anthropic-ai/claude-code, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (26)
CVE-2026-25725 — CVSS 10.0 (critical): Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the…
CVE-2026-39861 — CVSS 10.0 (critical): Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating…
CVE-2025-58764 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Due to an error in command parsing, versions prior to 1.0.105 were vulnerable to a bypass of the…
CVE-2025-59041 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. At startup, Claude Code executed a command templated in with `git config user.email`. Prior to…
CVE-2025-66032 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was…
CVE-2025-54795 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code…
CVE-2025-59828 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins…
CVE-2025-64755 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the…
CVE-2025-65099 — CVSS 9.8 (critical): Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have…
CVE-2025-54794 — CVSS 9.1 (critical): Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path…
CVE-2026-25722 — CVSS 9.1 (critical): Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined…
CVE-2026-54316 — CVSS 9.1 (critical): Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname…
CVE-2025-52882: Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs…
CVE-2025-59536 — CVSS 8.8 (high): Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog…
CVE-2026-24887 — CVSS 8.8 (high): Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude…
CVE-2026-33068 — CVSS 8.8 (high): Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the…
CVE-2026-40068 — CVSS 8.8 (high): In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without…
CVE-2025-55284 — CVSS 7.5 (high): Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file…
CVE-2026-25724 — CVSS 7.5 (high): Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in…
CVE-2026-21852 — CVSS 7.5 (high): Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious…
CVE-2026-24052 — CVSS 7.4 (high): Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain…
CVE-2026-35603 — CVSS 7.3 (high): Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration…
CVE-2025-59829 — CVSS 6.5 (medium): Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user…
CVE-2026-24053 — CVSS 6.5 (medium): Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was…
CVE-2026-25723 — CVSS 6.5 (medium): Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations…
CVE-2026-46406 — CVSS 6.1 (medium): Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable…