
130 matches found

NVD
added 2026/04/14 6:16 p.m. | 1 views

CVE-2026-23653

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

6.5 CVSS | 0.00099 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/14 4:56 p.m. | 24 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

5.7 CVSS | 0.00099 EPSS
Exploits 0 | References 1
CVE
added 2026/04/14 4:56 p.m. | 9 views

CVE-2026-23653

The CVE-2026-23653 vulnerability affects GitHub Copilot and the Visual Studio Code Copilot Chat Extension. It is described as an information disclosure caused by improper neutralization of special elements used in a command (command injection), potentially allowing an authorized user to disclose ...

6.5 CVSS | 5.7 AI score | 0.00099 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/04/14 4:56 p.m. | 0 views

CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

...

5.7 CVSS | 5.8 AI score | 0.00099 EPSS
Exploits 0 | References 1
Microsoft CVE
added 2026/04/14 2:0 p.m. | 1 views

GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network...

6.5 CVSS | 6.2 AI score | 0.00099 EPSS
Exploits 0
CNNVD
added 2026/04/14 12:0 a.m. | 4 views

Microsoft GitHub Copilot and Visual Studio Code Command Injection Vulnerability

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to obtain sensitive...

6.5 CVSS | 6.2 AI score | 0.00099 EPSS
Exploits 0 | References 1
Kaspersky
added 2026/04/14 12:0 a.m. | 2 views

KLA90982 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An...

7.8 CVSS | 7.2 AI score | 0.08014 EPSS
Exploits 0 | References 40
Positive Technologies
added 2026/04/14 12:0 a.m. | 1 views

PT-2026-32722

Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an authorized attacker to disclose...

5.7 CVSS | 6.2 AI score | 0.00099 EPSS
Exploits 0 | References 5
Packet Storm News
added 2026/04/09 12:0 a.m. | 1 views

Security Concerns in Generative AI Coding Assistants: Insights from Online Discussions on GitHub Copilot

Generative Artificial Intelligence (GenAI) has become a central component of many development tools (e.g., GitHub Copilot) that support software practitioners across multiple programming tasks, including code completion, documentation, and bug detection. However, current research has identified...

5.8 AI score
Exploits 0
Kaspersky
added 2026/03/10 12:0 a.m. | 1 views

KLA90920 Multiple vulnerabilities in Microsoft Open Source Software

Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability can be exploited remotely to execu...

9.9 CVSS | 6.6 AI score | 0.00103 EPSS
Exploits 1 | References 4
RedhatCVE
added 2026/03/07 7:31 p.m. | 1 views

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5 CVSS | 6.3 AI score | 0.00065 EPSS
Exploits 1 | References 1
vulnersOsv
added 2026/03/06 4:43 p.m. | 3 views

@george.talusan/node-red-contrib-copilot (>=0.0.5 <=1.0.5), @github/copilot-sdk (>=0.1.9 <=0.1.31-unstable.0) +19 more potentially affected by CVE-2026-29783 via @github/copilot (>=0.0.375 <=0.0.421)

@github/copilot NPM version =0.0.375, =0.0.5, =0.1.9, =1.1.0, =0.0.0, =0.0.1, =1.2.3, =0.6.0, =1.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.15 - devdoctor-js =0.1.0 and more Source cves: CVE-2026-29783 Source advisory: SNYK:JS-GITHUBCOPILOT-15468228...

7.8 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits 1
OSV
added 2026/03/06 4:43 p.m. | 2 views

GHSA-G8R9-G2V8-JV6F GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution

Summary A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files...

7.5 CVSS | 6.4 AI score | 0.00065 EPSS
Exploits 1 | References 4
Snyk
added 2026/03/06 4:43 p.m. | 0 views

Command Injection

Overview @github/copilot is a GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Command Injection via crafted bash parameter expansion patterns in the shell command assessment process. An attacker can execute...

7.5 CVSS | 6.1 AI score | 0.00065 EPSS
Exploits 1 | References 2
EUVD
added 2026/03/06 4:43 p.m. | 2 views

EUVD-2026-10049

GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution...

7.5 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits 1 | References 2
Cvelist
added 2026/03/06 4:39 p.m. | 27 views

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

7.5 CVSS | 0.00065 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23732

Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 0.0.423 Description The shell tool within GitHub Copilot CLI is susceptible to arbitrary code execution through crafted bash parameter expansion patterns. An attacker influencing commands executed by the...

7.5 CVSS | 6.3 AI score | 0.00065 EPSS
Exploits 1 | References 11
CNNVD
added 2026/03/06 12:0 a.m. | 3 views

GitHub Copilot CLI Operating System Command Injection Vulnerability

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI 0.0.422 and earlier had an operating system command injection vulnerability. This vulnerability stemmed from defects in shell security assessments, which could lead to arbitrary code...

7.8 CVSS | 6.1 AI score | 0.00065 EPSS
Exploits 1 | References 3
CNVD
added 2026/03/02 12:0 a.m. | 1 views

Microsoft GitHub Copilot for JetBrains Command Injection Vulnerability

Microsoft GitHub Copilot for JetBrains is an AI programming assistant plugin from Microsoft USA that can be installed in various IDEs produced by JetBrains. A command injection vulnerability exists in Microsoft GitHub Copilot for JetBrains. The vulnerability stems from the application failing to...

8.8 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/02/13 12:0 a.m. | 5 views

Security Updates for Microsoft Visual Studio Products (February 2026)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execu...

8.8 CVSS | 5.8 AI score | 0.00047 EPSS
Exploits 0 | References 4