VYPR

npm package

@gitlawb/openclaude

pkg:npm/%40gitlawb/openclaude

Vulnerabilities (2)

  • CVE-2026-42073MedJun 2, 2026
    affected < 0.5.1fixed 0.5.1

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a sta

  • CVE-2026-35570HigApr 21, 2026
    affected < 0.5.1fixed 0.5.1

    OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explic