marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
387 commits 1 branch 0 tags 20 MiB
Commit graph

6 commits

Author SHA1 Message Date
Florian BRUNIAUX
18a6e0ce5c docs(security): update threat-db v2.5.0 + security-hardening CVE table 
threat-db.yaml:
- 6 new CVEs: CVE-2026-25253 (OpenClaw 1-click RCE, CVSS 8.8),
  CVE-2026-25725 (Claude Code sandbox escape), CVE-2026-3484
  (nmap-mcp-server cmd injection), CVE-2025-35028 (HexStrike critical
  9.1, no patch), CVE-2025-15061 (Figma MCP critical 9.8),
  CVE-2026-0757 (MCP Manager sandbox escape)
- T013: Autonomous Safety Control Bypass (Ona research, 2026-03-03)
- openclaw v2026.1.29 added to minimum_safe_versions
- 10 new sources, version bump 2.4.0 → 2.5.0

security-hardening.md:
- CVE table extended from 9 to 15 entries
- Callouts added for 4 critical/unpatched CVEs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-05 09:08:32 +01:00
Florian BRUNIAUX
155b07a589 feat: threat-db v2.4.0 + MCP guide section + resource evals + ci 
## threat-db v2.4.0
- CVE-2026-27735: path traversal in mcp-server-git git_add (CVSS 6.4)
- Campaign: Clinejection (Cline CLI 2.3.0 supply chain, 4000 downloads)
- T012: AI Recommendation Poisoning (Microsoft research, 50+ prompts)
- 3 new sources (NVD, Snyk, Microsoft Security Blog, Hacker News)

## guide/ultimate-guide.md
- New section "This Guide as an MCP Server" (§10) — installation,
  tools list, dev mode, usage examples, slash commands

## docs/resource-evaluations
- eval #070: claude-code-best-practice .claude/ config (score 4/5)
- eval #071: Steven Ge technical writing workflow (score TBD)
- eval #072: Rippletide AI reliability platform (score 2/5, watch only)
- 2026-02-26: boristane SDLC dead post evaluation
- README: count 60→72 evals, add #072 entry

## ci + config
- .github/workflows/trigger-landing-deploy.yml — auto-trigger landing
  rebuild on push to main (guide content changes)
- .gitignore: add .claude/agents/ exception + mcp-server/dist/ ignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-28 21:35:03 +01:00
Florian BRUNIAUX
ad735dfff4 docs(security): update threat-db v2.3.0 — CVE-2025-59536, CVE-2026-21852, +2 CVEs, T011 
New CVEs (4):
- CVE-2025-59536: Claude Code RCE via enableAllProjectMcpServers config (fixed 1.0.111)
- CVE-2026-21852: Claude Code API key theft via ANTHROPIC_BASE_URL redirect (fixed 2.0.65)
- CVE-2026-26029: sf-mcp-server command injection via child_process.exec
- CVE-2026-27203: eBay API MCP Server env variable injection

New attack technique:
- T011: Project Configuration Hijacking (.claude/settings.json / .mcp.json as attack surface)

New defensive resources:
- GuardFive AI Agent Security Scanner
- Palo Alto AI Runtime Security MCP Threat Detection

New sources (7): Check Point Research, The Hacker News, Trend Micro, 1Password, Red Hat, NVD x2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-25 18:59:03 +01:00
Florian BRUNIAUX
92643c1a6b docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners 
New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-22 16:14:34 +01:00
Florian BRUNIAUX
c3da456d3a release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide 
- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-18 09:33:55 +01:00
Florian BRUNIAUX
deb518ceff fix(security): fact-check corrections across threat-db and hardening guide 
- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-11 15:11:13 +01:00