VYPR

Claude Hud

by Jarrodwatts

Source repositories

CVEs (3)

  • CVE-2026-47092HigMay 18, 2026
    risk 0.44cvss 7.8epss 0.01

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud…

  • CVE-2026-47090MedMay 18, 2026
    risk 0.23cvss 4.6epss 0.00

    Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal…

  • CVE-2026-47091LowMay 18, 2026
    risk 0.14cvss 3.3epss 0.00

    Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file…