@openai/codex
npm · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @openai/codex · page 1 of 1
- CVE-2025-59532 · Severity: NONE · CVSS 0.0 · EG 0.0 · ✓ Fixed in 0.39.0 · 2025-09-22
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside …
- CVE-2025-61260 · Severity: CRITICAL · CVSS 9.8 · EG 9.8 · 2026-04-14
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malic…
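Both entries above give an affected range in prose only (0.2.0 to 0.38.0, fixed in 0.39.0; and v0.23.0 and before, with no fixed version listed on this page). The following script is an added example, not EchelonGraph's scanner or any OpenAI code: it reads a package-lock.json, finds every installed copy of @openai/codex (including nested copies under other packages' node_modules), and reports which of the two listed advisories each version falls into. The affected ranges are transcribed from the two summaries above; the sample lockfile is constructed for the example. A version outside both ranges is reported as "not in a listed affected range", which is not the same as "not affected", since this page lists no fixed version for CVE-2025-61260.

```javascript
// Added example (not EchelonGraph's or OpenAI's code): check a package-lock.json
// for an installed @openai/codex version inside the affected ranges described above.
//
// Ranges transcribed from the advisory text on this page:
//   CVE-2025-59532: 0.2.0 <= v <= 0.38.0   (fixed in 0.39.0)
//   CVE-2025-61260: v <= 0.23.0            (no fixed version is listed on this page)

const PACKAGE = "@openai/codex";

const ADVISORIES = [
  { id: "CVE-2025-59532", min: "0.2.0", max: "0.38.0", fixed: "0.39.0" },
  { id: "CVE-2025-61260", min: null,    max: "0.23.0", fixed: null },
];

// Minimal SemVer parser for "MAJOR.MINOR.PATCH[-prerelease][+build]".
// Build metadata is ignored; a prerelease sorts below the same release.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ?? null };
}

// Returns -1, 0 or 1 like a comparator. Prerelease identifiers are compared as
// plain strings, which is enough for the ranges used here.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;   // release is newer than its own prerelease
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : pa.pre > pb.pre ? 1 : 0;
}

// Inclusive range check; a null bound means "unbounded on that side".
function inRange(version, { min, max }) {
  if (min !== null && compareVersions(version, min) < 0) return false;
  if (max !== null && compareVersions(version, max) > 0) return false;
  return true;
}

// lockfileVersion 2/3: every key in "packages" ending in node_modules/<name>
// is an installed copy (top-level or nested). lockfileVersion 1 keeps a flat
// "dependencies" map instead, handled as a fallback.
function findInstalledVersions(lock) {
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages ?? {})) {
    if (path.endsWith(`node_modules/${PACKAGE}`) && entry && entry.version) {
      found.push({ path, version: entry.version });
    }
  }
  if (found.length === 0 && lock.dependencies && lock.dependencies[PACKAGE]?.version) {
    found.push({ path: PACKAGE, version: lock.dependencies[PACKAGE].version });
  }
  return found;
}

// For each installed copy, list the advisory IDs whose range contains it.
function assess(lock) {
  return findInstalledVersions(lock).map(({ path, version }) => ({
    path,
    version,
    matches: ADVISORIES.filter((a) => inRange(version, a)).map((a) => a.id),
  }));
}

// Constructed sample lockfile for the example; not taken from any real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/@openai/codex": { version: "0.23.0" },
    "node_modules/some-tool/node_modules/@openai/codex": { version: "0.39.0" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const r of assess(SAMPLE_LOCK)) {
    const verdict = r.matches.length
      ? `matches ${r.matches.join(", ")}`
      : "not in a listed affected range";
    console.log(`${r.path}@${r.version}: ${verdict}`);
  }
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The same `assess()` works for a CycloneDX or SPDX SBOM once the component list is mapped onto the `{ path, version }` shape that `findInstalledVersions()` returns.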
Check whether @openai/codex is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @openai/codex CVEs against the assets you own.