Package impact
npm / @openai/codex
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61260 | unknown | — | — | 2mo ago | OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files | |||
| CVE-2025-59532 | unknown | — | — | 8mo ago | Codex has sandbox bypass due to bug in path configuration logic |