56 matches found
CVE-2019-1414
CVE-2019-1414 affects Visual Studio Code. A local elevation-of-privilege vulnerability arises when VS Code exposes a debug listener/port to the local user, allowing code injection in the user context. Affected versions are generally prior to 1.39.1; remediation is to update VS Code to 1.39.1 or l...
CVE-2021-43891
A concrete exploit artifact exists for CVE-2021-43891: the GitHub repo Exploit for CVE-2021-43891 demonstrates a proof-of-concept remote code execution in Visual Studio Code via the Remote WSL component. The PoC provides build/install steps, a local server workflow, and specific file-system locat...
CVE-2020-16881
The CVE-2020-16881 entry describes a remote code execution vulnerability in Visual Studio Code triggered when a user opens a malicious package.json. The underlying issue allows code execution in the context of the current user, potentially taking full control if the user has admin rights. Exploit...
CVE-2022-24526
CVE-2022-24526 is a Visual Studio Code vulnerability described as Spoofing. Connected sources confirm a UI spoofing flaw in VS Code, with exploitation not detailed in the initial entry but reflected in multiple accompanying advisories. The vulnerability is tied to VS Code and has remediation refe...
CVE-2023-21779
CVE-2023-21779 is a Visual Studio Code remote code execution vulnerability. The entry indicates a HIGH severity (CVSSv3.1 7.8) with a local attack vector, requiring user interaction, and impacting the confidentiality, integrity, and availability of affected systems. The vulnerability is documente...
CVE-2021-34529
Technical details about CVE-2021-34529 (affected product, root cause, impact, or fixes) are not publicly provided in the connected documents; monitor official advisories and updates for authoritative information.
CVE-2022-30129
CVE-2022-30129 – Visual Studio Code Remote Code Execution is a published vulnerability involving a failure to properly filter externally entered data during code construction, enabling a remote attacker to execute arbitrary code on the affected Visual Studio Code instance. The issue is described ...
CVE-2023-33144
CVE-2023-33144 affects Visual Studio Code (older than 1.79.1) and is described as a session spoofing vulnerability. The Nessus/plugin text states an attacker could exploit to perform actions with the privileges of another user, implying a local-authentication bypass related to how VS Code handles...
CVE-2023-36742
Microsoft Visual Studio Code is affected by CVE-2023-36742 through vulnerable pre-1.82.1 builds. Connected documents describe a remote code execution scenario in VS Code where a user must open a malicious project; a crafted dependencies entry in package.json causes npm to execute scripts locally,...
CVE-2025-64660
CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...
CVE-2022-41034
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2023-29338
CVE-2023-29338 is a Visual Studio Code information-disclosure spoofing vulnerability on Windows, enabling local attackers with user interaction to access sensitive data via spoofing vectors. Root cause is a spoofing flaw in VS Code (affected versions include 1.78.0 and earlier per FreeBSD VuXML e...
CVE-2022-26921
CVE-2022-26921 is a Local Privilege Escalation affecting Visual Studio Code. According to the CVE data, the vulnerability supports local attack vector, requires LOW privileges, and does not require user interaction (UI: NONE). The impact is described as high for confidentiality, integrity, and av...
CVE-2022-21991
CVE-2022-21991 is a remote code execution vulnerability in the Visual Studio Code Remote Development Extension. The provided documents confirm an RCE impact (high severity, CVSS v3.1 base 8.1) with network-based access and no user interaction, but do not specify affected product versions or explo...
CVE-2024-26165
CVE-2024-26165 is a Visual Studio Code Elevation of Privilege vulnerability. Connected sources (including the NCSC advisory) report an impact of privilege escalation with a CVSS score around 8.8 and note that updates exist to fix the issue. The NCSC guidance explicitly recommends installing the M...
CVE-2023-24893
CVE-2023-24893 affects Visual Studio Code; versions prior to 1.77.2 are vulnerable to remote code execution. An attacker could bypass authentication and execute arbitrary commands. Remediation: update VS Code to 1.77.2 or later per Nessus plugin details. Other sources corroborate RCE vectors for ...
CVE-2020-1416
CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...
CVE-2020-16977
CVE-2020-16977 describes a remote code execution vulnerability in Visual Studio Code arising when the Python extension loads a Jupyter notebook file. An attacker who can entice a user to open a specially crafted notebook could run arbitrary code in the user’s context, potentially gaining full sys...
CVE-2021-1639
CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...
CVE-2020-17148
CVE-2020-17148 affects the Visual Studio Code Remote Development Extension (SSH-based remote access). The root cause is a defect in the SSH editor’s source code handling that enables remote code execution. The vulnerability enables an attacker to execute arbitrary code on the vulnerable host with...
CVE-2022-38020
CVE-2022-38020 affects Visual Studio Code. The connected Nessus entry confirms a privilege-escalation vulnerability in VS Code versions prior to 1.17.1. An authenticated, local attacker can exploit this to elevate privileges to those of another user on the affected system. The plugin text notes a...
CVE-2025-32726
CVE-2025-32726 describes an improper access-control flaw in Visual Studio Code that enables an authorized local attacker to elevate privileges. The entry is supported by multiple sources (NVD, RH, OSV, CIRCL, MSRC) confirming the core issue as a local privilege-escalation in VS Code. CVSS v3.1 me...
CVE-2021-28469
CVE-2021-28469 is a Visual Studio Code remote code execution vulnerability. Connected sources identify Visual Studio Code and related extensions as affected; the Nessus plugin notes that vulnerable versions include those prior to 1.55.2. The NVD/MSRC entry lists a high CVSS 3.1 (7.8) impact with ...
CVE-2021-31211
CVE-2021-31211 is an in-the-wild remote code execution issue in Visual Studio Code. Arch Linux ASA-202107-34 and Microsoft guidance confirm that vulnerabilities in VS Code prior to 1.58.0-1 allow arbitrary code execution via crafted remote terminal settings (and related issues in task/runner logi...
CVE-2021-31214
CVE-2021-31214 is a Visual Studio Code remote code-execution issue arising from the Grunt, Gulp and Jake task auto-detection. Connected advisories indicate this affects Visual Studio Code prior to the upstream patch and that fixes were released upstream in version 1.58.0-1, with Arch Linux noting...
CVE-2021-34479
CVE-2021-34479 is a spoofing vulnerability affecting Microsoft Visual Studio (and related tooling in the Microsoft Visual Studio family). The connected sources describe an ability to spoof the user interface, enabling deception of users, with references to the vulnerability in Microsoft advisorie...
CVE-2020-0604
CVE-2020-0604 is a Visual Studio Code remote code execution vulnerability. According to provided documents, it occurs when VS Code processes environment variables after opening a project, allowing attacker-supplied code to run in the targeted user’s context if they clone a repository and open it ...
CVE-2021-28457
CVE-2021-28457 is a Visual Studio Code remote code execution vulnerability. The connected records identify affected software as Visual Studio Code and, specifically, the GitHub Pull Requests and Issues Extension, among other VS Code-related components, with a root cause leading to arbitrary code ...
CVE-2021-28475
CVE-2021-28475 corresponds to a Visual Studio Code remote code execution vulnerability. Public references in connected sources confirm impact via remote code execution in Visual Studio Code (and related tooling such as the GitHub PRs and Issues extension) and note that Microsoft released security...
CVE-2020-17023
CVE-2020-17023 — Visual Studio Code remote code execution. Affected product: Visual Studio Code. Vulnerability: A remote code execution flaw occurs when a user is tricked into opening a malicious package.json; attacker-supplied code runs in the context of the current user. Exploitation requires co...
CVE-2021-42322
CVE-2021-42322 is a Visual Studio Code elevation of privilege vulnerability with a local attack vector and no user interaction. Connected sources (NVD, MS advisory, NCSC) confirm affected product: Visual Studio Code; impact: higher privileges with high confidentiality, integrity, and availability...
CVE-2021-28473
CVE-2021-28473 is a Visual Studio Code remote code execution vulnerability with a base CVSS:3.1 score of 7.8 (HIGH). The available documentation indicates the affected product is Visual Studio Code (and related Visual Studio Code extensions in the ecosystem), with the vulnerability categorized as...
CVE-2022-41042
CVE-2022-41042 is a Visual Studio Code information disclosure vulnerability. The CVE entry concerns Visual Studio Code and related tooling; the vulnerability is described as information disclosure with a CVSSv3.1 base score of 7.4 (HIGH), requiring user interaction and with network attack vector ...
CVE-2024-43488
CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...
CVE-2025-24042
CVE-2025-24042: The issue is an Elevation of Privilege in the Visual Studio Code JS Debug Extension. Public sources describe two related weaknesses in VS Code components: (1) a vulnerability enabling privilege escalation via a crafted node module or binary injection in the JS Debug/remote server...
CVE-2021-34528
The CVE-2021-34528 entry relates to a Remote Code Execution vulnerability in Microsoft Visual Studio Code. Based on the connected sources, the vulnerability affects Visual Studio Code and allows arbitrary code execution; CVSS details indicate a HIGH impact with local attack vector and required use...
CVE-2021-26437
CVE-2021-26437 concerns a spoofing vulnerability in Microsoft Visual Studio Code. The available documents describe a UI spoofing issue in VS Code with a local attack vector, requiring user interaction, and separate risk details. A remediation referenced by a Nessus plugin indicates updating to Vi...
CVE-2020-17104
CVE-2020-17104 concerns Visual Studio Code JSHint Extension. Root cause per PT-2020-4828: insufficient input validation in the Visual Studio Code editor, enabling a remote attacker to execute arbitrary code via a specially crafted file. The connected document does not specify affected versions or...
CVE-2021-27060
CVE-2021-27060 is a remote code execution vulnerability in Microsoft Visual Studio Code. The connected sources identify this as an arbitrary code execution vulnerability in VS Code, exploitable by convincing a user to open specially craf...
CVE-2024-43601
CVE-2024-43601 affects Visual Studio Code for Linux, with a remote code execution vulnerability in VS Code 1.94.0 and earlier, linked to the elevated save flow. The root cause is a flaw in the save operation that can allow arbitrary code execution when processing saved data. Public details in con...
CVE-2021-28471
CVE-2021-28471 is a Remote Development Extension for Visual Studio Code remote code execution vulnerability. The NVD/OSV entries rate it HIGH (CVSS v3.1: LOCAL, LOW/LOCAL, UI REQUIRED, C/H/I/H/A/H). The vulnerability affects Visual Studio Code components and related tools (e.g., Remote Developmen...
CVE-2021-28477
CVE-2021-28477 is a remote code execution vulnerability affecting Visual Studio Code and related tooling. The connected sources describe it within a batch of Microsoft developer-tools CVEs and note that the April 2021 security update for Visual Studio Code addresses this issue; the Tenable NASL e...
CVE-2025-24039
CVE-2025-24039 affects Microsoft Visual Studio Code; reported as elevation of privilege vulnerabilities in VS Code prior to 1.97.1. Technical details in connected sources show two issues: (1) an elevation of privilege in the code serve-web path on Windows where an attacker could place a malicious...
CVE-2021-43908
CVE-2021-43908 affects Visual Studio Code and is described as a spoofing vulnerability. Connected documents reference an exploit repository (githubexploit: Sudistark/vscode-rce-electrovolt) and related advisories, but the provided materials do not include concrete technical details such as vulner...
CVE-2019-0728
CVE-2019-0728 describes a remote code execution vulnerability in Visual Studio Code: if the editor processes environment variables when a project is opened, an attacker could run arbitrary code in the current user context. Exploitation requires user action to clone a repository and open it in VS ...
CVE-2025-21264
Visual Studio Code (VS Code) is affected by CVE-2025-21264, a local vulnerability described as a security feature bypass. The issue permits an unauthorized, local attacker to bypass a security feature due to how VS Code handles files/directories accessible to external parties and trusted domains....
CVE-2025-26631
CVE-2025-26631 affects Visual Studio Code and is described as an Uncontrolled search path element that can allow an authorized, local attacker to escalate privileges. Connected sources (e.g., Nessus plugin for Microsoft Visual Studio Code security update) note that the issue affects installations...
CVE-2018-0597
CVE-2018-0597 is an untrusted search path vulnerability in the Visual Studio Code installer. A malicious DLL located in the same directory as the installer can be loaded, enabling arbitrary code execution with the privileges of the invoking user. Affected component: the VS Code installer; root ca...
CVE-2026-21518
CVE-2026-21518 affects GitHub Copilot for Visual Studio Code and VS Code itself. Description: improper neutralization of special elements used in a command (command injection) allows a remote attacker to bypass a security feature over a network. Affected component/input is attacker-controlled net...
CVE-2025-55319
CVE-2025-55319 corresponds to a remote code execution issue involving Agentic AI in Microsoft Visual Studio Code. The vulnerability allows an unauthenticated, network-based attacker to execute arbitrary code on the affected host via the Agentic AI functionality integrated with VS Code. The CVE is...