# Anthropic's coordinated vulnerability disclosure dashboard

Anthropic disclosed 1,596 security vulnerabilities across 281 open-source projects as of May 22, 2026, after using an early snapshot of its Claude Mythos Preview AI model to find the flaws in February. The company partnered with external security research firms to triage and validate findings, reporting only human-reviewed critical- or high-severity bugs to maintainers under a coordinated disclosure policy. Of the disclosed vulnerabilities, 97 have been patched upstream, with 88 receiving a CVE record or GitHub Security Advisory.

Last updated 2026-05-22 10:27 PT.

In February 2026, Anthropic began using an early snapshot of Claude Mythos Preview to find security vulnerabilities in open-source software. We then partnered with external security research firms to triage findings, validate them, and report human-reviewed critical- or high-severity vulnerabilities to the software's maintainers under our [Coordinated Vulnerability Disclosure policy](https://www.anthropic.com/coordinated-vulnerability-disclosure). This page tracks the findings that we've disclosed and, in line with our policy, publishes details of the ones whose disclosure window has now closed.

As of May 22, 2026, we've disclosed 1,596 vulnerabilities across 281 open-source projects. To our knowledge, 97 of these have been patched. Of those, 88 have been assigned a Common Vulnerabilities and Exposures (CVE) record or a GitHub Security Advisory (GHSA). In other cases, maintainers have shipped a fix without publishing an advisory. The number of vulnerabilities we've disclosed is a subset of the total number that Mythos Preview has found, since independent human triage and review is the rate-limiting step.

This page covers a headline count of the vulnerabilities we've disclosed, and a breakdown of these by class.
For those vulnerabilities we've disclosed and where the disclosure window has now closed, it also includes identifier records (CVE and GHSA) and finding details, further below. Finally, it includes a disclosure ledger, which lists a hash commitment for every finding we've disclosed that is still inside the disclosure window, so that the finding's existence and commitment date can be proved without revealing its content.

| Stage | Count | Note |
|---|---|---|
| Candidates | 23,019 findings | |
| Reviewed by external security firms | 1,900 findings | |
| Confirmed valid | 1,726 findings | 90.8% true positives (of 1,900) |
| Reported to maintainers | 467 findings | |
| Reported direct to maintainers by Anthropic, at their request | 1,129 findings | May contain false positives |
| Total reported to maintainers (Disclosed) | 1,596 findings | |
| Acknowledged by maintainer | 1,451 findings | |
| Patched upstream (Remediated) | 97 findings | |
| Security advisories published | 88 advisories | |

The statistics above reflect all bugs found by Claude Mythos Preview. In the near future, we'll add the ability to filter this data by severity.

These figures are designed to reflect our coordinated vulnerability disclosure process, which works approximately as follows. A glossary of the terms is available on the About page.

First, Mythos Preview finds candidate vulnerabilities, which we add to a list for human triage. This is the figure at the top. Then, in order to disclose a vulnerability to a maintainer, we take one of two steps.

Triage: In most cases, we pass them to one of six external security research firms that we have engaged for this endeavor, or we triage them ourselves. We or the security research firms reproduce each issue, assess whether it is a real bug (and if so, assess how severe it is), and then write a report for confirmed bugs that will go to the project's maintainer.
Importantly, there are many additional bugs that we or our security partners have investigated and confirmed are real but that we have not yet reported to maintainers, due to capacity limitations.

In our triage process, the "true positive rate" (the number of findings confirmed as valid, as a share of the number of findings manually reviewed) reflects how often the external security research firms determined that a finding Mythos Preview produced was a real vulnerability. This includes real bugs that we later discover have already been reported, and "won't fix" findings (the bug is real, but the maintainer is unlikely to address it, e.g. because it falls outside the project's threat model, or affects code that isn't typically reachable). We include these in the true positive rate because we rely on our security research partners, rather than maintainers, to tell us how many bugs they've confirmed, and it's only after the maintainers have received the report and assessed the vulnerability that we learn whether it is one they plan to fix. For this reason, it's also possible that a vendor has marked a vulnerability as a true positive or a false positive in error. Given this, the number of "true positives" in the dashboard above should only be taken as one proxy for impact. Another, more reliable one is the number of patches created, though this is only a lagging indicator of progress, since patches take a long time to create.

Direct disclosure: Some vulnerabilities are disclosed to maintainers directly by Anthropic staff, and don't go through the same independent check. This happens when maintainers specifically request that we provide them un-triaged findings.

Once bugs have either been triaged or directly disclosed, "Acknowledged by maintainer" counts all bugs whose reports maintainers have responded to.

"Patched upstream" reflects the number of those vulnerabilities that maintainers have since created and released fixes for, though this does not guarantee that those patches have been widely installed. Finally, "Security advisories published" counts only those patched vulnerabilities that have since been issued either a Common Vulnerabilities and Exposures (CVE) record or a GitHub Security Advisory (GHSA). Some advisories are now public, and we list them further down on this page. We leave whether to create a security advisory up to the discretion of maintainers. See [About](about/index.html) for more information.

## Disclosure ledger

Once a finding has been validated by one of our external security research firms, a SHA-3-512 hash of the sealed report is published immediately as proof of possession. Status is shown once the maintainer has been notified; the identifier, project, and bug class are revealed only when the disclosure window closes. Committed entries that have not yet reached the maintainer show only the hash and commitment date.

1,611 / 1,611 · [View full ledger →](ledger/index.html)

| Date committed | Hash / identifier | Project | Bug class | Status |
|---|---|---|---|---|
| 2026-05-20 | c61fd338d6d28d96… | — | — | disclosed |
| 2026-05-20 | 0944ac2cbe1e523c… | — | — | disclosed |
| 2026-05-20 | 591324cb1c3c0bb4… | — | — | disclosed |
| 2026-05-20 | 318f8c3596ed2be4… | — | — | disclosed |
| 2026-05-20 | 813f7ef1002578f2… | — | — | disclosed |
| 2026-05-20 | d0ef674136a61356… | — | — | disclosed |
| 2026-05-20 | d9fb2084babdb6a2… | — | — | disclosed |
| 2026-05-20 | 26ff1b26e4a5ed40… | — | — | disclosed |
| 2026-05-20 | 3fb73aaa1cc702f0… | — | — | disclosed |
| 2026-05-20 | 5477600813df2935… | — | — | disclosed |

[View all 1,611 entries →](ledger/index.html)

## CVE records

Common Vulnerabilities and Exposures records assigned to findings disclosed through this program. The records below are publicly available. The remainder are reserved, pending publication by the assigning authority.
- [CVE-2026-27654](https://nvd.nist.gov/vuln/detail/CVE-2026-27654): Heap buffer overflow in DAV COPY/MOVE with alias directive. Destination URI shorter than alias length causes size_t underflow in ngx_http_map_uri_to_path buffer calculation, then ngx_copy overflows th unauthenticated remote file write in nginx WebDAV module
- [CVE-2026-32316](https://nvd.nist.gov/vuln/detail/CVE-2026-32316): Integer overflow in string concatenation leading to 1 GB memcpy heap buffer overflow
- [CVE-2026-33721](https://nvd.nist.gov/vuln/detail/CVE-2026-33721): Heap buffer overflow in SLD categorize threshold parsing due to wrong counter variable in reallocation guard
- [CVE-2026-5199](https://nvd.nist.gov/vuln/detail/CVE-2026-5199): Cross-namespace manipulation including deletion of workflows on the same cluster
- [CVE-2026-5446](https://nvd.nist.gov/vuln/detail/CVE-2026-5446): ARIA-GCM Nonce Reuse in TLS 1.2 Record Encryption in wolfSSL
- [CVE-2026-5448](https://nvd.nist.gov/vuln/detail/CVE-2026-5448): Final Assessment: 2-Byte Heap Overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore
- [CVE-2026-5466](https://nvd.nist.gov/vuln/detail/CVE-2026-5466): eccsi universal signature forgery via r 0 s 0 missing s
- [CVE-2026-5477](https://nvd.nist.gov/vuln/detail/CVE-2026-5477): cmac 32 bit totalsz wraparound prefix substitution forg
- [CVE-2026-5479](https://nvd.nist.gov/vuln/detail/CVE-2026-5479): wolfssl evp chacha20 poly1305 poly1305 tag never verifi
- [CVE-2026-5500](https://nvd.nist.gov/vuln/detail/CVE-2026-5500): cms authenvelopeddata aead forgery via gcm tag truncati
- [CVE-2026-5501](https://nvd.nist.gov/vuln/detail/CVE-2026-5501): wolfssl x509 verify cert leaf signature verification by
- [CVE-2026-5503](https://nvd.nist.gov/vuln/detail/CVE-2026-5503): wolfssl ech heap buffer overflow via publicname sni pol
- [CVE-2026-7474](https://nvd.nist.gov/vuln/detail/CVE-2026-7474): nomad: path-traversal at client/hostvolumemanager/host_volume_plugin.go:229

## GitHub Security Advisory records

GitHub Security Advisory records assigned to findings disclosed through this program.
The records below are publicly available. The remainder are reserved, pending publication by the assigning authority.

- [GHSA-9f49-8x56-jmjc](https://github.com/advisories/GHSA-9f49-8x56-jmjc): Heap use-after-free write in metadata list management during XML data parsing due to incorrect list head pointer update
- [GHSA-cc7p-2j3x-x7xf](https://github.com/advisories/GHSA-cc7p-2j3x-x7xf): Privilege Escalation/Bypass through UsersController- actionImpersonateWithToken
- [GHSA-chgx-jx3p-rf73](https://github.com/advisories/GHSA-chgx-jx3p-rf73): LD-Signature bypass via JSON-LD named-graph restructuring
- [GHSA-crr4-7rm4-8gpw](https://github.com/advisories/GHSA-crr4-7rm4-8gpw): SSRF Bypass via IPv6 Unspecified Address (::) in Mastodon
- [GHSA-f26g-jm89-4g65](https://github.com/advisories/GHSA-f26g-jm89-4g65): RCE when updating a Git submodule of a malicious repository
- [GHSA-j273-m5qq-6825](https://github.com/advisories/GHSA-j273-m5qq-6825): Arbitrary file write due to backslash path traversal
- [GHSA-mpxh-8fq3-x8mh](https://github.com/advisories/GHSA-mpxh-8fq3-x8mh): Heap-buffer-overflow in cliprdr_main.c:547; heap-buffer-overflow write (attacker-controlled offset, partially-controlled data via RLE delta values; up to ~15 KB overwrite past pTempData with these parameters, further with larger nXDst) in planar.c:472; heap-buffer-overflow in sanitizer_common_interceptors.inc:827
- [GHSA-mvpx-xj7r-3p3r](https://github.com/advisories/GHSA-mvpx-xj7r-3p3r): Heap-buffer-overflow in cliprdr_main.c:547; heap-buffer-overflow write (attacker-controlled offset, partially-controlled data via RLE delta values; up to ~15 KB overwrite past pTempData with these parameters, further with larger nXDst) in planar.c:472; heap-buffer-overflow in sanitizer_common_interceptors.inc:827
- [GHSA-p6r2-4hgm-m6ff](https://github.com/advisories/GHSA-p6r2-4hgm-m6ff): Heap-buffer-overflow in cliprdr_main.c:547; heap-buffer-overflow write (attacker-controlled offset, partially-controlled data via RLE delta values; up to ~15 KB overwrite past pTempData with these parameters, further with larger nXDst) in planar.c:472; heap-buffer-overflow in sanitizer_common_interceptors.inc:827
- [GHSA-w52v-v783-gw97](https://github.com/advisories/GHSA-w52v-v783-gw97): SQL injection in Content API
- [GHSA-x9h5-r9v2-vcww](https://github.com/advisories/GHSA-x9h5-r9v2-vcww): Heap buffer overflow in MVG pattern rendering via CopyMagickString without bounds check
- [GHSA-xh8f-g2qw-gcm7](https://github.com/advisories/GHSA-xh8f-g2qw-gcm7): minio: path-traversal at cmd/xl-storage.go:3194-3218 (sink); cmd/storage-rest-server.go:1287-1326 (handler)

## Severity assessment comparison

This graph compares Claude's initial severity assessments against the external security research firms' assessments, for those findings that have completed triage. Cells on the diagonal indicate agreement. The number assessed here represents the subset of vulnerabilities included on our disclosure ledger that were reviewed by our security partners, rather than disclosed by us directly. Anthropic's severity assessments are produced before any maintainer input. Project maintainers often apply project-specific severity rules that Claude does not have access to at run time, so what one maintainer rates as critical another may rate as low. The external security research firms incorporate that context, which is why their assessments tend to be lower.

## Snapshot verification

This snapshot was generated on 2026-05-22 10:27 PT. The manifest hash below is the SHA-3-512 hash of the structured payload and is republished with every dated snapshot, so any figure on this page can be verified against the machine-readable record (data/payload.json).

Revision 1 · checksum b7a0c5362f95291c017a1a208ae5d9ca3f44f7f0560ca3553ec88d46636999aafcf4ebbbe4fd344703e36dc33d492a58a1c965b8198801d5775e4d85f69ff8e4
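The ledger's hash commitments and the manifest checksum above are both plain SHA-3-512 digests, so a verifier handles them the same way: hash the bytes you were given and compare against the published value. The following Python is an added example, not code from the dashboard; the entry layout, the `commit`/`verify_reveal`/`verify_manifest` helpers, and the sample sealed report and payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import date


def sha3_512_hex(data: bytes) -> str:
    """SHA-3-512 digest as lowercase hex, the hash the dashboard uses for
    both the ledger commitments and the snapshot manifest checksum."""
    return hashlib.sha3_512(data).hexdigest()


def commit(sealed_report: bytes, committed_on: date) -> dict:
    """Ledger entry as published while a finding is inside its disclosure
    window: hash and commitment date only, project and bug class withheld.
    A bare hash binds to these exact bytes; it hides the content only if the
    sealed report is not guessable, which this example assumes."""
    return {"date_committed": committed_on.isoformat(),
            "hash": sha3_512_hex(sealed_report),
            "project": None, "bug_class": None, "status": "disclosed"}


def display_hash(entry: dict, prefix_len: int = 16) -> str:
    """The dashboard table shows a truncated prefix; the full digest in the
    ledger record is what verification must compare against."""
    return entry["hash"][:prefix_len] + "…"


def verify_reveal(entry: dict, revealed_report: bytes) -> bool:
    """When the window closes and the report is revealed, anyone holding the
    earlier entry can check it is the same document that was committed to."""
    return hmac.compare_digest(entry["hash"], sha3_512_hex(revealed_report))


def verify_manifest(payload_bytes: bytes, published_checksum: str) -> bool:
    """Check a dated snapshot's data/payload.json against the checksum printed
    on the page. Hash the raw bytes as served, not a re-serialised parse, or
    whitespace and key order will change the digest."""
    return hmac.compare_digest(sha3_512_hex(payload_bytes),
                               published_checksum.strip().lower())


# Constructed sample inputs; neither is a real finding or the real payload.
SEALED = b"Sealed report (hypothetical): heap overflow in example-project\n"
ENTRY = commit(SEALED, date(2026, 5, 20))
PAYLOAD = json.dumps({"disclosed": 1596, "patched": 97, "advisories": 88},
                     sort_keys=True).encode()
CHECKSUM = sha3_512_hex(PAYLOAD)  # stands in for a page's published checksum

if __name__ == "__main__":
    print(ENTRY["date_committed"], display_hash(ENTRY), ENTRY["status"])
    print("reveal matches:", verify_reveal(ENTRY, SEALED))
    print("manifest matches:", verify_manifest(PAYLOAD, CHECKSUM))
```

To check a real snapshot, fetch data/payload.json exactly as served and pass its bytes with the page's checksum to `verify_manifest`; a ledger entry is checked the same way once the sealed report is published.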