Severity | Score | CVE | Title | Affected versions
CRITICAL | 10.0 | CVE-2026-39861 | Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace | >= 0, < 2.1.64
HIGH | 7.3 | CVE-2026-35603 | Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows | >= 0, < 2.1.75
— | — | CVE-2026-40068 | Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution | >= 2.1.63, < 2.1.84
— | — | — | Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File | >= 0, < 2.1.53
— | — | — | Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json | >= 0, < 2.1.2
— | — | — | Claude Code has Permission Deny Bypass Through Symbolic Links | >= 0, < 2.1.7
— | — | — | Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions | >= 0, < 2.0.55
— | — | — | Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection | >= 0, < 2.0.57
— | — | — | Claude Code has a Command Injection in find Command Bypasses User Approval Prompt | >= 0, < 2.0.72
— | — | — | Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes | >= 0, < 2.0.74
— | — | — | Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains | >= 0, < 1.0.111
— | — | — | Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation | >= 0, < 2.0.65
— | — | — | Claude Code Command Validation Bypass Allows Arbitrary Code Execution | >= 0, < 1.0.93
— | — | — | @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes | >= 0, < 2.0.31
— | — | — | Claude Code vulnerable to command execution prior to startup trust dialog | >= 0, < 1.0.39
— | — | — | Claude Code permission deny bypass through symlink | >= 0, < 1.0.120
— | — | — | Claude Code can execute commands prior to the startup trust dialog | >= 0, < 1.0.111
— | — | — | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions | >= 0, < 1.0.39
— | — | — | Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email | >= 0, < 1.0.105
— | — | — | Claude Code rg vulnerability does not protect against approval prompt bypass | >= 0, < 1.0.105
— | — | — | Claude Code's Permissive Default Allowlist Enables Unauthorized File Read and Network Exfiltration in Claude Code | >= 0, < 1.0.4
— | — | — | Claude Code echo command allowed bypass of user approval prompt for command execution | >= 0, < 1.0.20
— | — | — | Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access | >= 0, < 0.2.111
— | — | — | Claude Code Improper Authorization via websocket connections from arbitrary origins | >= 0.2.116, < 1.0.24

(A "—" marks a field the listing does not show for that advisory. "Affected versions" is the range the advisory applies to; the first version outside the range is the fixed release.)
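The practical question this table raises is "which of these apply to the version I have installed?", and answering it by eye across two dozen overlapping ranges is error-prone (note that 2.1.64 is newer than 2.1.9, which a string comparison gets wrong). The following is an added example, not code from the Claude Code project: it transcribes the ranges above into a list, parses both the ">= a, < b" and GitHub's "from 0, < b" forms, and reports the rows that contain a given version. It assumes plain numeric x.y.z versions with no prerelease tags, and the row labels are shortened forms of the titles above.

```javascript
// Added example, not Claude Code's own code: match an installed Claude Code
// version against the affected-version ranges listed in the table above.
// Assumes plain numeric x.y.z versions with no prerelease tags.

// Constructed from the table on this page: [identifier or short title, range].
const ADVISORIES = [
  ["CVE-2026-39861 sandbox escape via symlink following", ">= 0, < 2.1.64"],
  ["CVE-2026-35603 insecure system-wide config loading (Windows)", ">= 0, < 2.1.75"],
  ["CVE-2026-40068 trust dialog bypass via git worktree spoofing", ">= 2.1.63, < 2.1.84"],
  ["trust dialog bypass via repo-controlled settings file", ">= 0, < 2.1.53"],
  ["sandbox escape via persistent config injection in settings.json", ">= 0, < 2.1.2"],
  ["permission deny bypass through symbolic links", ">= 0, < 2.1.7"],
  ["command injection via piped sed", ">= 0, < 2.0.55"],
  ["command injection via directory change", ">= 0, < 2.0.57"],
  ["command injection in find", ">= 0, < 2.0.72"],
  ["path restriction bypass via zsh clobber", ">= 0, < 2.0.74"],
  ["domain validation bypass", ">= 0, < 1.0.111"],
  ["data leak via environment config before trust confirmation", ">= 0, < 2.0.65"],
  ["command validation bypass", ">= 0, < 1.0.93"],
  ["sed command validation bypass", ">= 0, < 2.0.31"],
  ["command execution prior to startup trust dialog", ">= 0, < 1.0.39"],
  ["permission deny bypass through symlink", ">= 0, < 1.0.120"],
  ["commands executed prior to startup trust dialog", ">= 0, < 1.0.111"],
  ["plugin autoloading with specific Yarn versions", ">= 0, < 1.0.39"],
  ["maliciously configured git email", ">= 0, < 1.0.105"],
  ["rg approval prompt bypass", ">= 0, < 1.0.105"],
  ["permissive default allowlist", ">= 0, < 1.0.4"],
  ["echo approval prompt bypass", ">= 0, < 1.0.20"],
  ["research preview path restriction bypass", ">= 0, < 0.2.111"],
  ["websocket connections from arbitrary origins", ">= 0.2.116, < 1.0.24"],
];

// Numeric, component-wise comparison: "2.1.64" > "2.1.9", unlike a string compare.
// Returns -1, 0 or 1; missing trailing components are treated as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Parse one constraint such as ">= 2.1.63", "< 2.1.84" or GitHub's "from 0".
function parseConstraint(text) {
  const m = text.trim().match(/^(>=|<=|>|<|from)\s*([\d.]+)$/);
  if (!m) throw new Error(`unparseable constraint: ${text}`);
  return { op: m[1] === "from" ? ">=" : m[1], version: m[2] };
}

// A version is in range when every comma-separated constraint holds.
function inRange(version, range) {
  return range.split(",").map(parseConstraint).every(({ op, version: v }) => {
    const c = compareVersions(version, v);
    return (op === ">=" && c >= 0) || (op === ">" && c > 0) ||
           (op === "<=" && c <= 0) || (op === "<" && c < 0);
  });
}

// Return the labels of the rows whose affected range contains the given version.
function affectedAdvisories(version) {
  return ADVISORIES
    .filter(([, range]) => inRange(version, range))
    .map(([label]) => label);
}

// Usage: node check.js 2.1.70   (paste the number printed by `claude --version`)
const arg = process.argv[2];
if (arg) {
  const hits = affectedAdvisories(arg);
  console.log(hits.length ? hits.join("\n") : `${arg}: no listed advisory matches`);
}
```

Running it with 2.1.70 reports the Windows configuration-loading advisory and the worktree-spoofing one (the only row with a lower bound above 0), and with 2.1.84 or later reports nothing, since 2.1.84 is the highest fixed version in the table.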