368 matches found
MAL-2025-5048 Malicious code in plonkscript-vscode (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd8b408dc44765c7024604210cc19ed0865efde3585895653edf022fecd41d5b Any computer that has this package installed or running should be considered...
CVE-2022-45025
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function...
CVE-2022-45026
An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process...
CVE-2021-29658
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder...
CVE-2021-28956
The unofficial vscode-sass-lint aka Sass Lint extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2021-30502
The unofficial vscode-ghc-simple aka Simple Glasgow Haskell Compiler extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand...
MAL-2025-3957 Malicious code in vscode-oja (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 222332856f685e334465b24346da36177ea57028e903aaf5c7b6fc845f1e601a The OpenSSF Package Analysis project identified 'vscode-oja' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...
Malicious code in vscode-oja (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 222332856f685e334465b24346da36177ea57028e903aaf5c7b6fc845f1e601a The OpenSSF Package Analysis project identified 'vscode-oja' @ 100.0.2 npm as malicious. It is considered malicious because: - The package...
CVE-2025-3804
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3804
CVE-2025-3804 affects thautwarm vscode-diana 0.0.1, specifically the Jinja2 Template Handler’s Gen.py component where an unknown function exposure enables injection. Local access is required; exploitation has been disclosed publicly. Multiple connected sources corroborate a critical issue with lo...
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
CVE-2025-3804 thautwarm vscode-diana Jinja2 Template Gen.py injection
A vulnerability classified as critical has been found in thautwarm vscode-diana 0.0.1. Affected is an unknown function of the file Gen.py of the component Jinja2 Template Handler. The manipulation leads to injection. Attacking locally is a requirement. The exploit has been disclosed to the public...
PT-2025-17381 · Jinja2 +1 · Jinja2 +2
Name of the Vulnerable Software and Affected Versions: thautwarm vscode-diana version 0.0.1 Description: A critical vulnerability has been found in the Jinja2 Template Handler component of thautwarm vscode-diana. The issue affects an unknown function of the file Gen.py and leads to injection. Loc...
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code VSCode Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace...
MAL-2025-2584 Malicious code in vscode-typescript-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9162b86c7482b306e1b5ef08b17ce67a14c45fbb9ae585e6113b17174fb27409 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-typescript-next (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9162b86c7482b306e1b5ef08b17ce67a14c45fbb9ae585e6113b17174fb27409 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-ps1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89a6b0c5359c6999b0721fc722f11353dd05b6e52a6795c5da8174e0a353fa54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hemi VDP: VSCode launch.json file exposed on hemi.xyz
A .vscode/launch.json file was published publicly on https://hemi.xyz/...
FreeBSD : vscode -- multiple vulnerabilities (cbf5d976-656b-4bb6-805f-3af038e2de3e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the cbf5d976-656b-4bb6-805f-3af038e2de3e advisory. VSCode developers report: The update addresses these issues, including a fix for a security...