Synced 16 Jun 2026 15:24 UTC Account
← All products

Claude Code

Anthropic · Developer Tools
↻ RSS feed
Monitors Claude Code and tailors your dashboard to that exact version.
all versions14/100 Critical

Summary iPlain-English security verdict for Claude Code, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Claude Code currently scores 14/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.

Disclosure trend iNew CVEs published for Claude Code each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2026-21852 HIGH CWE-522 EPSS 31% → fixed in 2.0.65 CVE-2025-54795 CRITICAL OS command injection EPSS 1% → fixed in 1.0.20 CVE-2025-54794 CRITICAL Path traversal EPSS 1% → fixed in 0.2.111 CVE-2025-66032 CRITICAL Command injection EPSS 1% → fixed in 1.0.93 CVE-2026-39861 CRITICAL Path traversal EPSS 1% → fixed in 2.1.64 CVE-2025-58764 CRITICAL Code injection EPSS 1% → fixed in 1.0.105 CVE-2025-59041 CRITICAL Code injection EPSS 1% → fixed in 1.0.105 CVE-2025-65099 CRITICAL Code injection EPSS 0% → fixed in 1.0.39 CVE-2026-25725 CRITICAL CWE-501 EPSS 0% → fixed in 2.1.2 CVE-2025-64755 CRITICAL OS command injection EPSS 0% → fixed in 2.0.31 CVE-2026-25722 CRITICAL Improper input validation EPSS 0% → fixed in 2.0.57 CVE-2025-59828 CRITICAL CWE-829 EPSS 0% → fixed in 1.0.39

See all 23 known Claude Code CVEs & security history →

Get alerted about Claude Code

Be emailed the moment Claude Code gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Claude Code — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Frequently asked

Is Claude Code safe and patched?

Claude Code currently scores 14/100 — critical. No tracked vulnerabilities are currently known to be exploited in the wild. Upgrade promptly to address the open critical vulnerabilities.

What should I do about Claude Code now?

Review the patch-priority list, apply the available fixes (or move to the latest release), and confirm against Anthropic's official advisory.

lifecycle unknown — needs latest supported version

Latest security news for Claude Code BETA

Attributed third-party reporting linked to Claude Code — newest first. We surface and link the source; we don’t assert our own findings. About Emerging →

Patch available ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New StoriesThe Hacker News · 11 Jun 2026 · medium confidence

More across all tracked software on the Emerging feed →

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Anthropic's official advisory before you patch or upgrade — Claude Code official site ↗