VYPR
Vendor

OpenAI

Products: 3
CVEs: 5
Across products: 5
Status: Private

Recent CVEs: 5

  • CVE-2025-55345 High Aug 13, 2025
    risk 0.57 cvss 8.8 epss 0.01

    Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.

  • CVE-2025-59532 High Sep 22, 2025
    risk 0.49 cvss epss 0.01

    Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started…

  • CVE-2026-11326 Med Jun 5, 2026
    risk 0.39 cvss epss 0.00

    OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or…

  • CVE-2025-54558 Med Jul 25, 2025
    risk 0.20 cvss 4.1 epss 0.00

    OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag.

  • CVE-2024-40594 Low Jul 6, 2024
    risk 0.15 cvss 2.3 epss 0.00

    The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.

VYPR — Vulnerability Intelligence