PT-2025-47816

Name of the Vulnerable Software and Affected Versions Roo Code versions prior to 3.26.7 Description Roo Code, an AI-powered autonomous coding agent, had a validation error that allowed it to automatically execute commands not on the approved list of prefixes. This occurred in versions before...

EUVD-2025-19434

Malicious code in bioql PyPI...

EUVD-2025-20299

Malicious code in bioql PyPI...

EUVD-2025-22473

Malicious code in bioql PyPI...

PT-2025-30619 · Robocode · Robocode

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.23.18 and below Description: Roo Code, an AI-powered autonomous coding agent, does not validate line breaks in its command input. This bypasses the allow-list mechanism due to a lack of parsing or validation logic,...

CVE-2025-53536

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...

CVE-2025-53536

Roo Code (AI-powered autonomous coding agent) prior to version 3.22.6 is affected. If a victim had the Write auto-approved mode, an attacker who can submit prompts could write to VS Code settings files and trigger code execution. A concrete example is the php.validate.executablePath setting, wher...