claude-code-ultimate-guide

marketing-shibata50/claude-code-ultimate-guide

Fork 0

Commit graph

Author	SHA1	Message	Date
Florian BRUNIAUX	92643c1a6b	docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners New CVEs: - CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet) - SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox) New entries: - Attack technique T010: Agent-to-Agent Communication Injection - 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai - 1 new defensive resource: Anthropic Claude Code Security (2026-02-21) - 4 new sources (Lakera, Penligent AI, Snyk, THN) Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-22 16:14:34 +01:00
Florian BRUNIAUX	c3da456d3a	release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide - Pricing table: Sonnet 4.6 now default (Feb 2026) - New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases) - threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-18 09:33:55 +01:00
Florian BRUNIAUX	deb518ceff	fix(security): fact-check corrections across threat-db and hardening guide - CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate) - CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD) - CVE-2026-25536: add missing fixed_in 1.26.0 - CVE-2026-25546: add missing fixed_in 0.1.1 - Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001 - Fix Flatt Security URL to specific blog post - Fix SentinelOne URL to specific CVE page Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-11 15:11:13 +01:00

Author

SHA1

Message

Date

Florian BRUNIAUX

92643c1a6b

docs(security): update threat-db v2.2.0 — CVE-2026-0755, mcp-run-python SSRF, 5 new scanners

New CVEs:
- CVE-2026-0755 (gemini-mcp-tool, CVSS 9.8, RCE, no fix yet)
- SNYK-PYTHON-MCPRUNPYTHON-15250607 (mcp-run-python SSRF via Deno sandbox)

New entries:
- Attack technique T010: Agent-to-Agent Communication Injection
- 5 new scanning tools: Proximity, Enkrypt AI, Cisco MCP Scanner, NeuralTrust, MCPScan.ai
- 1 new defensive resource: Anthropic Claude Code Security (2026-02-21)
- 4 new sources (Lakera, Penligent AI, Snyk, THN)

Updated security-hardening.md: added CVE-2026-0755 and mcp-run-python SSRF to CVE table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-22 16:14:34 +01:00

Florian BRUNIAUX

c3da456d3a

release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide

- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-18 09:33:55 +01:00

Florian BRUNIAUX

deb518ceff

fix(security): fact-check corrections across threat-db and hardening guide

- CVE-2025-53109/53110: fix version 0.6.4 → 0.6.3 (per NVD/Cymulate)
- CVE-2025-53967: CVSS 8.0 → 7.5 (per NVD)
- CVE-2026-25536: add missing fixed_in 1.26.0
- CVE-2026-25546: add missing fixed_in 0.1.1
- Rename pseudo-CVE "claude-code-v2.1.34" → ADVISORY-CC-2026-001
- Fix Flatt Security URL to specific blog post
- Fix SentinelOne URL to specific CVE page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-11 15:11:13 +01:00

3 commits