42 matches found
CVE-2019-1414
CVE-2019-1414 affects Visual Studio Code. A local elevation-of-privilege vulnerability arises when VS Code exposes a debug listener/port to the local user, allowing code injection in the user context. Affected versions are generally prior to 1.39.1; remediation is to update VS Code to 1.39.1 or l...
CVE-2021-43891
A concrete exploit artifact exists for CVE-2021-43891: the GitHub repo Exploit for CVE-2021-43891 demonstrates a Proof-of-Concept remote code execution in Visual Studio Code via the Remote WSL component. The PoC provides build/install steps, a local server workflow, and specific file-system locat...
CVE-2020-16881
The CVE-2020-16881 entry describes a remote code execution vulnerability in Visual Studio Code triggered when a user opens a malicious package.json. The underlying issue allows code execution in the context of the current user, potentially taking full control if the user has admin rights. Exploit...
CVE-2022-24526
CVE-2022-24526 is a Visual Studio Code vulnerability described as Spoofing. Connected sources confirm a UI spoofing flaw in VS Code, with exploitation not detailed in the initial entry but reflected in multiple accompanying advisories. The vulnerability is tied to VS Code and has remediation refe...
CVE-2023-21779
CVE-2023-21779 is a Visual Studio Code remote code execution vulnerability. The entry indicates a HIGH severity (CVSSv3.1 7.8) with a local attack vector, requiring user interaction, and impacting the confidentiality, integrity, and availability of affected systems. The vulnerability is documente...
CVE-2021-34529
Technical details about CVE-2021-34529 (affected product, root cause, impact, or fixes) are not publicly provided in the connected documents; monitor official advisories and updates for authoritative information.
CVE-2022-30129
CVE-2022-30129 – Visual Studio Code Remote Code Execution is a published vulnerability involving a failure to properly filter externally entered data during code construction, enabling a remote attacker to execute arbitrary code on the affected Visual Studio Code instance. The issue is described ...
CVE-2023-33144
CVE-2023-33144 affects Visual Studio Code (older than 1.79.1) and is described as a session spoofing vulnerability. The Nessus/plugin text states an attacker could exploit to perform actions with the privileges of another user, implying a local-authentication bypass related to how VS Code handles...
CVE-2023-36742
Microsoft Visual Studio Code is affected by CVE-2023-36742 through vulnerable pre-1.82.1 builds. Connected documents describe a remote code execution scenario in VS Code where a user must open a malicious project; a crafted dependencies entry in package.json causes npm to execute scripts locally,...
CVE-2025-64660
CVE-2025-64660 affects GitHub Copilot and Visual Studio Code with an improper access control flaw that enables an authorized attacker to execute code over a network. The vulnerability is described as a remote code execution issue due to access-control bypass, impacting Visual Studio Code and GitH...
CVE-2022-41034
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2023-29338
CVE-2023-29338 is a Visual Studio Code information-disclosure spoofing vulnerability on Windows, enabling local attackers with user interaction to access sensitive data via spoofing vectors. Root cause is a spoofing flaw in VS Code (affected versions include 1.78.0 and earlier per FreeBSD VuXML e...
CVE-2024-26165
CVE-2024-26165 is a Visual Studio Code Elevation of Privilege vulnerability. Connected sources (including the NCSC advisory) report an impact of privilege escalation with a CVSS score around 8.8 and note that updates exist to fix the issue. The NCSC guidance explicitly recommends installing the M...
CVE-2023-24893
CVE-2023-24893 affects Visual Studio Code; versions prior to 1.77.2 are vulnerable to remote code execution. An attacker could bypass authentication and execute arbitrary commands. Remediation: update VS Code to 1.77.2 or later per Nessus plugin details. Other sources corroborate RCE vectors for ...
CVE-2020-1416
CVE-2020-1416 is the Visual Studio and Visual Studio Code Elevation of Privilege vulnerability. The issue arises when these products load software dependencies, allowing a local attacker who can plant malicious content to execute arbitrary code with the user’s privileges. Microsoft’s advisory sta...
CVE-2020-17148
CVE-2020-17148 affects the Visual Studio Code Remote Development Extension (SSH-based remote access). The root cause is a defect in the SSH editor’s source code handling that enables remote code execution. The vulnerability enables an attacker to execute arbitrary code on the vulnerable host with...
CVE-2021-31211
CVE-2021-31211 is an in-the-wild remote code execution issue in Visual Studio Code. Arch Linux ASA-202107-34 and Microsoft guidance confirm that vulnerabilities in VS Code prior to 1.58.0-1 allow arbitrary code execution via crafted remote terminal settings (and related issues in task/runner logi...
CVE-2025-32726
CVE-2025-32726 describes an improper access-control flaw in Visual Studio Code that enables an authorized local attacker to elevate privileges. The entry is supported by multiple sources (NVD, RH, OSV, CIRCL, MSRC) confirming the core issue as a local privilege-escalation in VS Code. CVSS v3.1 me...
CVE-2021-28469
CVE-2021-28469 is a Visual Studio Code remote code execution vulnerability. Connected sources identify Visual Studio Code and related extensions as affected; the Nessus plugin notes that vulnerable versions include those prior to 1.55.2. The NVD/MSRC entry lists a high CVSS 3.1 (7.8) impact with ...
CVE-2021-31214
CVE-2021-31214 is a Visual Studio Code remote code-execution issue arising from the Grunt, Gulp and Jake task auto-detection. Connected advisories indicate this affects Visual Studio Code prior to the upstream patch and that fixes were released upstream in version 1.58.0-1, with Arch Linux noting...
CVE-2021-34479
CVE-2021-34479 is a spoofing vulnerability affecting Microsoft Visual Studio (and related tooling in the Microsoft Visual Studio family). The connected sources describe an ability to spoof the user interface, enabling deception of users, with references to the vulnerability in Microsoft advisorie...
CVE-2020-0604
CVE-2020-0604 is a Visual Studio Code remote code execution vulnerability. According to provided documents, it occurs when VS Code processes environment variables after opening a project, allowing attacker-supplied code to run in the targeted user’s context if they clone a repository and open it ...
CVE-2021-28457
CVE-2021-28457 is a Visual Studio Code remote code execution vulnerability. The connected records identify affected software as Visual Studio Code and, specifically, the GitHub Pull Requests and Issues Extension, among other VS Code-related components, with a root cause leading to arbitrary code ...
CVE-2021-28475
CVE-2021-28475 corresponds to a Visual Studio Code remote code execution vulnerability. Public references in connected sources confirm impact via remote code execution in Visual Studio Code (and related tooling such as the GitHub PRs and Issues extension) and note that Microsoft released security...
CVE-2021-42322
CVE-2021-42322 is a Visual Studio Code elevation of privilege vulnerability with a local attack vector and no user interaction. Connected sources (NVD, MS advisory, NCSC) confirm affected product: Visual Studio Code; impact: higher privileges with high confidentiality, integrity, and availability...
CVE-2021-28473
CVE-2021-28473 is a Visual Studio Code remote code execution vulnerability with a base CVSS:3.1 score of 7.8 (HIGH). The available documentation indicates the affected product is Visual Studio Code (and related Visual Studio Code extensions in the ecosystem), with the vulnerability categorized as...
CVE-2025-24042
CVE-2025-24042: The issue is an Elevation of Privilege in the Visual Studio Code JS Debug Extension. Public sources describe two related weaknesses in VS Code components: (1) a vulnerability enabling privilege escalation via a crafted node module or binary injection in the JS Debug/remote server...
CVE-2021-34528
The CVE-2021-34528 entry relates to a Remote Code Execution vulnerability in Microsoft Visual Studio Code. Based on the connected sources, the vulnerability affects Visual Studio Code and allows arbitrary code execution; CVSS details indicate a HIGH impact with local attack vector and required use...
CVE-2024-43601
CVE-2024-43601 affects Visual Studio Code for Linux, with a remote code execution vulnerability in VS Code 1.94.0 and earlier, linked to the elevated save flow. The root cause is a flaw in the save operation that can allow arbitrary code execution when processing saved data. Public details in con...
CVE-2021-28471
CVE-2021-28471 is a Remote Development Extension for Visual Studio Code remote code execution vulnerability. The NVD/OSV entries rate it HIGH (CVSS v3.1: LOCAL, LOW/LOCAL, UI REQUIRED, C/H/I/H/A/H). The vulnerability affects Visual Studio Code components and related tools (e.g., Remote Developmen...
CVE-2025-24039
CVE-2025-24039 affects Microsoft Visual Studio Code; reported as elevation of privilege vulnerabilities in VS Code prior to 1.97.1. Technical details in connected sources show two issues: (1) an elevation of privilege in the code serve-web path on Windows where an attacker could place a malicious...
CVE-2021-28477
CVE-2021-28477 is a remote code execution vulnerability affecting Visual Studio Code and related tooling. The connected sources describe it within a batch of Microsoft developer-tools CVEs and note that the April 2021 security update for Visual Studio Code addresses this issue; the Tenable NASL e...
CVE-2025-21264
Visual Studio Code (VS Code) is affected by CVE-2025-21264, a local vulnerability described as a security feature bypass. The issue permits an unauthorized, local attacker to bypass a security feature due to how VS Code handles files/directories accessible to external parties and trusted domains....
CVE-2025-26631
CVE-2025-26631 affects Visual Studio Code and is described as an Uncontrolled search path element that can allow an authorized, local attacker to escalate privileges. Connected sources (e.g., Nessus plugin for Microsoft Visual Studio Code security update) note that the issue affects installations...
CVE-2026-21518
CVE-2026-21518 affects GitHub Copilot for Visual Studio Code and VS Code itself. Description: improper neutralization of special elements used in a command (command injection) allows a remote attacker to bypass a security feature over a network. Affected component/input is attacker-controlled net...
CVE-2025-55319
CVE-2025-55319 corresponds to a remote code execution issue involving Agentic AI in Microsoft Visual Studio Code. The vulnerability allows an unauthenticated, network-based attacker to execute arbitrary code on the affected host via the Agentic AI functionality integrated with VS Code. The CVE is...
CVE-2026-41613
CVE-2026-41613 involves session fixation in Visual Studio Code that allows an unauthorized attacker to elevate privileges over a network. The connected sources corroborate the affected product as Visual Studio Code and describe the impact as privilege elevation via network access. The available d...
CVE-2026-41611
Technical details about CVE-2026-41611 are not provided in the supplied documents. No specifics on affected versions, root cause, or remediation are included. Monitor for updates from official sources.
CVE-2026-21523
CVE-2026-21523 is a time-of-check time-of-use (TOCTOU) race condition impacting GitHub Copilot and Visual Studio. An authorized attacker could execute code over a network. The issued CVSS 3.1 score is 8.0 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: Low, User I...
CVE-2026-41109
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2025-62453
CVE-2025-62453 affects GitHub Copilot and Visual Studio Code due to improper validation of generative AI output, enabling an authorized local attacker to bypass a security feature. Multiple sources corroborate a security feature bypass vulnerability in Visual Studio Code and Copilot Chat, with im...
CVE-2026-41610
Technical details about CVE-2026-41610 are not publicly available in the provided documents. Monitor for updates from official sources (e.g., vendor advisories, CVE records) for affected products, remediation steps, or confirmed exploit information.