CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28791

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace...

CVE-2021-28790

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace...

CVE-2021-21420

vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context...

CVE-2021-30124

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...

CVE-2021-28953

The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository...

CVE-2021-28794

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath...

CVE-2021-30502

The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...

CVE-2020-1481

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'...

CVE-2020-1416

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'...

CVE-2020-1192

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171...

CVE-2020-1171

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192...

CVE-2020-1343

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'...

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'...

The vulnerability of Visual Studio Code’s source editor lies in its use of files and directories accessible from external parties, which allows unauthorized access to protected information.

The vulnerability of Visual Studio Code’s source editor relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVE-2025-21264

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2025-21264

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2025-21264

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVE-2025-21264

Visual Studio Code (VS Code) is affected by CVE-2025-21264, a local vulnerability described as a security feature bypass. The issue permits an unauthorized, local attacker to bypass a security feature due to how VS Code handles files/directories accessible to external parties and trusted domains....

CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability

...