VYPR

npm package

@openai/codex

pkg:npm/%40openai/codex

Vulnerabilities (2)

  • CVE-2025-61260 | Critical | Apr 14, 2026
    affected <= 0.23.0

    A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex aut

  • CVE-2025-59532 | High | Sep 22, 2025
    affected >= 0.2.0, < 0.39.0; fixed 0.39.0

    Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their