1291 matches found
CVE-2025-68120
CVE-2025-68120 is a remote code execution vulnerability in the Visual Studio Code Go extension that bypasses Restricted Mode. The root cause is an incomplete blacklist of trusted/untrusted configurations, allowing untrusted workspace settings (eg, go.buildFlags) to reach the extension (via extens...
CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
CVE-2025-68120 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
GO-2025-4249 Unexpected untrusted code execution in github.com/golang/vscode-go
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode...
PT-2025-53815
Name of the Vulnerable Software and Affected Versions Visual Studio Code Go extension affected versions not specified Description The Visual Studio Code Go extension was disabled in Restricted Mode to prevent unexpected untrusted code execution. Recommendations At the moment, there is no...
EUVD-2025-203811
Malicious code in vscode-azure-mcp-server npm...
Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file...
MAL-2025-192568 Malicious code in EffetMer.darkgpt (VSCode)
The package downloads and executes a hidden executable from a malicious URL...
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code VS Code Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence AI-powered coding assistan...
📄 Visual Studio 1.39.0 Remote Debugger
Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...
Security Update for Microsoft Visual Studio Code CoPilot Chat Extension (November 2025)
The Microsoft Visual Studio Code CoPilot Chat Extension prior to version 0.32.5. It is, therefore, affected by multiple vulnerabilities. - This vulnerability is a command injection flaw in the Visual Studio Code Copilot Chat Extension, where improper handling of special characters in...
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer
Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
EUVD-2025-198368
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
CVE-2025-64660
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...
CVE-2025-64660
CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...
CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
...
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network...