
792 matches found

CNNVD
added 2026/04/20 12:0 a.m. | 8 views

Copilot API Proxy Security Vulnerability

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from a flaw in the cors function within the src/server.ts file of the component’s...

CVSS 7.5 | AI score 7.1 | EPSS 0.00182
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 4 views

PT-2026-33809

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

CVSS 7.5 | AI score 5.4 | EPSS 0.00182
Exploits: 0 | References: 6

Tenable Nessus
added 2026/04/20 12:0 a.m. | 3 views

RHEL 9 : grafana-pcp (RHSA-2026:8845)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:8845 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace...

CVSS 7.5 | AI score 7.4 | EPSS 0.0052
Exploits: 0 | References: 4

vulnersOsv
added 2026/04/17 9:59 p.m. | 15 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by unknown CVE via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-525J-HQQ2-66R4...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/04/17 9:58 p.m. | 9 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-43571 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-43571 Source advisory: OSV:GHSA-82QX-6VJ7-P8M2...

CVSS 8.8 | AI score 5.4 | EPSS 0.00386
Exploits: 0

vulnersOsv
added 2026/04/17 9:58 p.m. | 8 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +13 more potentially affected by CVE-2026-43571 via openclaw (>=2026.3.22 <=2026.4.1)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 Source cves: CVE-2026-43571 Source advisory: SNYK:JS-OPENCLAW-16109730...

CVSS 8.8 | AI score 5.4 | EPSS 0.00386
Exploits: 0

vulnersOsv
added 2026/04/17 9:58 p.m. | 5 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.0-beta.7) +14 more potentially affected by CVE-2026-43582 via openclaw (>=0.0.1 <=2026.4.1)

openclaw NPM version =0.0.1, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =0.1.5 - tokaroo-openclaw-provider =0.1.1 and more Source cves: CVE-2026-43582 Source advisory: OSV:GHSA-XQ94-R468-QWGJ...

CVSS 6.3 | AI score 5.4 | EPSS 0.00199
Exploits: 0

OSSF Malicious Packages
added 2026/04/17 7:53 a.m. | 4 views

Malicious code in azure-ai-agentserver-githubcopilot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5302d683e413611c8a5f1bcfb18c19e34353a50c1d4450546b284197bab5a6f7 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...

AI score 5.8
Exploits: 0 | References: 1

OSV
added 2026/04/17 7:53 a.m. | 3 views

MAL-2026-2831 Malicious code in azure-ai-agentserver-githubcopilot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5302d683e413611c8a5f1bcfb18c19e34353a50c1d4450546b284197bab5a6f7 Package exploits dependency confusion. A beacon request is used to report usage back, but no additional information are exfiltrated. --- Category:...

AI score 5.8
Exploits: 0 | References: 1

vulnersOsv
added 2026/04/16 9:43 p.m. | 4 views

copilot-studio-datainsight (>=0.0.1 <=0.0.6), flowise (>=1.6.1 <=2.2.8) potentially affected by CVE-2026-41138 via flowise-components (>=1.3.4 <=2.2.8)

flowise-components NPM version =1.3.4, =0.0.1, =1.6.1, =2.2.8 Source cves: CVE-2026-41138 Source advisory: SNYK:JS-FLOWISECOMPONENTS-16110988...

CVSS 8.8 | AI score 7.2 | EPSS 0.00603
Exploits: 1

RedhatCVE
added 2026/04/15 7:24 p.m. | 2 views

CVE-2026-23653

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

CVSS 6.5 | AI score 5.7 | EPSS 0.00739
Exploits: 0 | References: 1

NCSC
added 2026/04/14 7:18 p.m. | 5 views

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

CVSS 7.8 | AI score 5.7 | EPSS 0.0111
Exploits: 0

EUVD
added 2026/04/14 6:30 p.m. | 1 views

EUVD-2026-22359

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

CVSS 5.7 | AI score 5.7 | EPSS 0.00739
Exploits: 0 | References: 2

NVD
added 2026/04/14 6:16 p.m. | 5 views

CVE-2026-23653

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

CVSS 6.5 | EPSS 0.00739
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/14 4:56 p.m. | 0 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

CVSS 5.7 | AI score 5.8 | EPSS 0.00739
Exploits: 0 | References: 1

CVE
added 2026/04/14 4:56 p.m. | 27 views

CVE-2026-23653

The CVE-2026-23653 vulnerability affects GitHub Copilot and the Visual Studio Code Copilot Chat Extension. It is described as an information disclosure caused by improper neutralization of special elements used in a command (command injection), potentially allowing an authorized user to disclose ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00739
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/14 4:56 p.m. | 25 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

CVSS 5.7 | EPSS 0.00739
Exploits: 0 | References: 1

Microsoft CVE
added 2026/04/14 2:0 p.m. | 2 views

GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

CVSS 6.5 | AI score 6.2 | EPSS 0.00739
Exploits: 0

Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32722

Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an authorized attacker to disclose...

CVSS 5.7 | AI score 6.2 | EPSS 0.00739
Exploits: 0 | References: 5

CNNVD
added 2026/04/14 12:0 a.m. | 5 views

Microsoft GitHub Copilot and Visual Studio Code Command Injection Vulnerability

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to obtain sensitive...

CVSS 6.5 | AI score 6.2 | EPSS 0.00739
Exploits: 0 | References: 1