cc-audit 3.2.14

Security auditor for Claude Code skills, hooks, and MCP servers
Documentation
{
  "version": "1.0.1",
  "updated_at": "2026-01-27T01:23:49Z",
  "entries": [
    {
      "id": "CVE-2025-66032",
      "title": "Claude Code is an agentic coding tool",
      "description": "Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 1.0.93.",
      "severity": "critical",
      "affected_products": [
        {
          "vendor": "anthropic",
          "product": "claude_code",
          "version_affected": "< 1.0.93",
          "version_fixed": "1.0.93"
        }
      ],
      "cwe_ids": [
        "CWE-77"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-66032",
        "https://github.com/anthropics/claude-code/security/advisories/GHSA-xq4m-mc3c-vvg3"
      ],
      "published_at": "2025-12-03T19:15:57.527",
      "cvss_score": 9.8
    },
    {
      "id": "CVE-2025-64755",
      "title": "Claude Code is an agentic coding tool",
      "description": "Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.",
      "severity": "critical",
      "affected_products": [
        {
          "vendor": "anthropic",
          "product": "claude_code",
          "version_affected": "< 2.0.31",
          "version_fixed": "2.0.31"
        }
      ],
      "cwe_ids": [
        "CWE-78"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-64755",
        "https://github.com/anthropics/claude-code/security/advisories/GHSA-7mv8-j34q-vp7q"
      ],
      "published_at": "2025-11-21T02:15:43.917",
      "cvss_score": 9.8
    },
    {
      "id": "CVE-2025-64660",
      "title": "Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to...",
      "description": "Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.",
      "severity": "high",
      "affected_products": [
        {
          "vendor": "microsoft",
          "product": "visual_studio_code",
          "version_affected": "< 1.106.2",
          "version_fixed": "1.106.2"
        }
      ],
      "cwe_ids": [
        "CWE-284"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-64660",
        "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660"
      ],
      "published_at": "2025-11-20T23:15:56.943",
      "cvss_score": 8.0
    },
    {
      "id": "CVE-2025-65099",
      "title": "Claude Code is an agentic coding tool",
      "description": "Claude Code is an agentic coding tool. Prior to version 1.0.39, when running on a machine with Yarn 3.0 or above, Claude Code could have been tricked to execute code contained in a project via yarn plugins before the user accepted the startup trust dialog. Exploiting this would have required a user to start Claude Code in an untrusted directory and to be using Yarn 3.0 or above. This issue has been patched in version 1.0.39.",
      "severity": "critical",
      "affected_products": [
        {
          "vendor": "anthropic",
          "product": "claude_code",
          "version_affected": "< 1.0.39",
          "version_fixed": "1.0.39"
        }
      ],
      "cwe_ids": [
        "CWE-94"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-65099",
        "https://github.com/anthropics/claude-code/security/advisories/GHSA-5hhx-v7f6-x7gv"
      ],
      "published_at": "2025-11-19T18:15:51.837",
      "cvss_score": 9.8
    },
    {
      "id": "CVE-2025-62453",
      "title": "Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an au...",
      "description": "Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.",
      "severity": "medium",
      "affected_products": [
        {
          "vendor": "microsoft",
          "product": "visual_studio_code",
          "version_affected": "< 1.105.0",
          "version_fixed": "1.105.0"
        }
      ],
      "cwe_ids": [
        "CWE-693"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-62453",
        "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62453"
      ],
      "published_at": "2025-11-11T18:15:50.423",
      "cvss_score": 5.0
    },
    {
      "id": "CVE-2025-54135",
      "title": "Cursor CurXecute Remote Code Execution",
      "description": "A vulnerability in Cursor IDE allows remote code execution through specially crafted project files. Attackers can execute arbitrary code when a victim opens a malicious project.",
      "severity": "high",
      "cvss_score": 8.8,
      "affected_products": [
        {
          "vendor": "cursor",
          "product": "cursor",
          "version_affected": "< 0.45.0",
          "version_fixed": "0.45.0"
        }
      ],
      "cwe_ids": [
        "CWE-94",
        "CWE-78"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-54135"
      ],
      "published_at": "2025-01-20T00:00:00Z"
    },
    {
      "id": "CVE-2025-54136",
      "title": "Cursor MCPoison MCP Server Hijacking",
      "description": "MCPoison vulnerability in Cursor IDE allows attackers to hijack MCP server connections through environment variable manipulation, potentially leading to data exfiltration or malicious code execution.",
      "severity": "high",
      "cvss_score": 8.5,
      "affected_products": [
        {
          "vendor": "cursor",
          "product": "cursor",
          "version_affected": "< 0.45.0",
          "version_fixed": "0.45.0"
        }
      ],
      "cwe_ids": [
        "CWE-426",
        "CWE-200"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-54136"
      ],
      "published_at": "2025-01-20T00:00:00Z"
    },
    {
      "id": "CVE-2025-6514",
      "title": "mcp-remote Remote Code Execution",
      "description": "A critical vulnerability in the mcp-remote package allows remote code execution through malicious MCP server responses. Attackers can execute arbitrary code on the client machine.",
      "severity": "critical",
      "cvss_score": 9.6,
      "affected_products": [
        {
          "vendor": "modelcontextprotocol",
          "product": "mcp-remote",
          "version_affected": "< 0.3.0",
          "version_fixed": "0.3.0"
        }
      ],
      "cwe_ids": [
        "CWE-94",
        "CWE-502"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-6514"
      ],
      "published_at": "2025-01-18T00:00:00Z"
    },
    {
      "id": "CVE-2025-52882",
      "title": "Claude Code VSCode WebSocket Authentication Bypass",
      "description": "A vulnerability in Claude Code VSCode extension allows remote attackers to bypass WebSocket authentication, potentially leading to unauthorized code execution within the extension context.",
      "severity": "critical",
      "cvss_score": 9.8,
      "affected_products": [
        {
          "vendor": "anthropic",
          "product": "claude-code-vscode",
          "version_affected": "< 1.5.0",
          "version_fixed": "1.5.0"
        }
      ],
      "cwe_ids": [
        "CWE-287",
        "CWE-306"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-52882"
      ],
      "published_at": "2025-01-15T00:00:00Z"
    },
    {
      "id": "CVE-2025-53110",
      "title": "MCP Directory Traversal",
      "description": "A directory traversal vulnerability in MCP file operations allows attackers to read or write files outside the intended directory scope.",
      "severity": "high",
      "cvss_score": 7.3,
      "affected_products": [
        {
          "vendor": "modelcontextprotocol",
          "product": "mcp",
          "version_affected": "< 1.0.0",
          "version_fixed": "1.0.0"
        }
      ],
      "cwe_ids": [
        "CWE-22",
        "CWE-73"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-53110"
      ],
      "published_at": "2025-01-12T00:00:00Z"
    },
    {
      "id": "CVE-2025-53109",
      "title": "MCP Symbolic Link Bypass",
      "description": "A vulnerability in MCP's file access controls allows attackers to bypass path restrictions using symbolic links, potentially accessing sensitive files outside the allowed scope.",
      "severity": "high",
      "cvss_score": 8.4,
      "affected_products": [
        {
          "vendor": "modelcontextprotocol",
          "product": "mcp",
          "version_affected": "< 1.0.0",
          "version_fixed": "1.0.0"
        }
      ],
      "cwe_ids": [
        "CWE-59",
        "CWE-61"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-53109"
      ],
      "published_at": "2025-01-12T00:00:00Z"
    },
    {
      "id": "CVE-2025-49596",
      "title": "MCP Inspector CSRF to RCE",
      "description": "MCP Inspector is vulnerable to Cross-Site Request Forgery (CSRF) attacks that can lead to Remote Code Execution (RCE). An attacker can craft a malicious web page that, when visited by a user with MCP Inspector running, can execute arbitrary commands.",
      "severity": "critical",
      "cvss_score": 9.4,
      "affected_products": [
        {
          "vendor": "modelcontextprotocol",
          "product": "mcp-inspector",
          "version_affected": "< 0.5.0",
          "version_fixed": "0.5.0"
        }
      ],
      "cwe_ids": [
        "CWE-352",
        "CWE-94"
      ],
      "references": [
        "https://nvd.nist.gov/vuln/detail/CVE-2025-49596"
      ],
      "published_at": "2025-01-10T00:00:00Z"
    }
  ]
}