33 matches found
CVE-2019-1414
CVE-2019-1414 affects Visual Studio Code. A local elevation-of-privilege vulnerability arises when VS Code exposes a debug listener/port to the local user, allowing code injection in the user context. Affected versions are generally prior to 1.39.1; remediation is to update VS Code to 1.39.1 or l...
CVE-2021-43891
A concrete exploit artifact exists for CVE-2021-43891: the Github repo Exploit for CVE-2021-43891 demonstrates a Proof-of-Concept remote code execution in Visual Studio Code via the Remote WSL component. The PoC provides build/install steps, a local server workflow, and specific file-system locat...
CVE-2023-21779
CVE-2023-21779 is a Visual Studio Code remote code execution vulnerability. The entry indicates a HIGH severity (CVSSv3.1 7.8) with a local attack vector, requiring user interaction, and impacting the confidentiality, integrity, and availability of affected systems. The vulnerability is documente...
CVE-2021-34529
Technical details about CVE-2021-34529 (affected product, root cause, impact, or fixes) are not publicly provided in the connected documents; monitor official advisories and updates for authoritative information.
CVE-2022-41034
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2023-36742
Microsoft Visual Studio Code is affected by CVE-2023-36742 through vulnerable pre-1.82.1 builds. Connected documents describe a remote code execution scenario in VS Code where a user must open a malicious project; a crafted dependencies entry in package.json causes npm to execute scripts locally,...
CVE-2022-26921
CVE-2022-26921 is a Local Privilege Escalation affecting Visual Studio Code. According to the CVE data, the vulnerability supports local attack vector, requires LOW privileges, and does not require user interaction (UI: NONE). The impact is described as high for confidentiality, integrity, and av...
CVE-2023-24893
CVE-2023-24893 affects Visual Studio Code; versions prior to 1.77.2 are vulnerable to remote code execution. An attacker could bypass authentication and execute arbitrary commands. Remediation: update VS Code to 1.77.2 or later per Nessus plugin details. Other sources corroborate RCE vectors for ...
CVE-2021-1639
CVE-2021-1639 appears as a Visual Studio Code remote code execution vulnerability. Connected sources confirm Visual Studio Code is affected and note public exploits exist (Kaspersky). The documents provide high-severity impact for this CVE but do not consistently expose concrete root-cause detail...
CVE-2021-34479
CVE-2021-34479 is a spoofing vulnerability affecting Microsoft Visual Studio (and related tooling in the Microsoft Visual Studio family). The connected sources describe an ability to spoof the user interface, enabling deception of users, with references to the vulnerability in Microsoft advisorie...
CVE-2020-17148
CVE-2020-17148 affects the Visual Studio Code Remote Development Extension (SSH-based remote access). The root cause is a defect in the SSH editor’s source code handling that enables remote code execution. The vulnerability enables an attacker to execute arbitrary code on the vulnerable host with...
CVE-2024-43601
CVE-2024-43601 affects Visual Studio Code for Linux, with a remote code execution vulnerability in VS Code 1.94.0 and earlier, linked to the elevated save flow. The root cause is a flaw in the save operation that can allow arbitrary code execution when processing saved data. Public details in con...
CVE-2021-31211
CVE-2021-31211 is an in-the-wild remote code execution issue in Visual Studio Code. Arch Linux ASA-202107-34 and Microsoft guidance confirm that vulnerabilities in VS Code prior to 1.58.0-1 allow arbitrary code execution via crafted remote terminal settings (and related issues in task/runner logi...
CVE-2022-38020
CVE-2022-38020 affects Visual Studio Code. The connected Nessus entry confirms a privilege-escalation vulnerability in VS Code versions prior to 1.17.1. An authenticated, local attacker can exploit this to elevate privileges to those of another user on the affected system. The plugin text notes a...
CVE-2021-28469
CVE-2021-28469 is a Visual Studio Code remote code execution vulnerability. Connected sources identify Visual Studio Code and related extensions as affected; the Nessus plugin notes that vulnerable versions include those prior to 1.55.2. The NVD/MSRC entry lists a high CVSS 3.1 (7.8) impact with ...
CVE-2021-28457
CVE-2021-28457 is a Visual Studio Code remote code execution vulnerability. The connected records identify affected software as Visual Studio Code and, specifically, the GitHub Pull Requests and Issues Extension, among other VS Code-related components, with a root cause leading to arbitrary code ...
CVE-2021-28475
CVE-2021-28475 corresponds to a Visual Studio Code remote code execution vulnerability. Public references in connected sources confirm impact via remote code execution in Visual Studio Code (and related tooling such as the GitHub PRs and Issues extension) and note that Microsoft released security...
CVE-2021-28473
CVE-2021-28473 is a Visual Studio Code remote code execution vulnerability with a base CVSS:3.1 score of 7.8 (HIGH). The available documentation indicates the affected product is Visual Studio Code (and related Visual Studio Code extensions in the ecosystem), with the vulnerability categorized as...
CVE-2021-42322
CVE-2021-42322 is a Visual Studio Code elevation of privilege vulnerability with a local attack vector and no user interaction. Connected sources (NVD, MS advisory, NCSC) confirm affected product: Visual Studio Code; impact: higher privileges with high confidentiality, integrity, and availability...
CVE-2022-41042
CVE-2022-41042 is a Visual Studio Code information disclosure vulnerability. The CVE entry concerns Visual Studio Code and related tooling; the vulnerability is described as information disclosure with a CVSSv3.1 base score of 7.4 (HIGH), requiring user interaction and with network attack vector ...
CVE-2025-24042
CVE-2025-24042 : The issue is an Elevation of Privilege in the Visual Studio Code JS Debug Extension. Public sources describe two related weaknesses in VS Code components: (1) a vulnerability enabling privilege escalation via a crafted node module or binary injection in the JS Debug/remote server...
CVE-2021-34528
The CVE-2021-34528 entry relates to a Remote Code Execution vulnerability in Microsoft Visual Studio Code. Based on the connected sources, the vulnerability affects Visual Studio Code and allows arbitrary code execution; CVSS details indicate a HIGHImpact with local attack vector and required use...
CVE-2021-27060
CVE-2021-27060 is a reported vulnerability in Microsoft Visual Studio Code described as a remote code execution issue related to Visual Studio Code. The connected sources identify this as an arbitrary code execution vulnerability in VS Code, exploitable by convincing a user to open specially craf...
CVE-2025-24039
CVE-2025-24039 affects Microsoft Visual Studio Code; reported as elevation of privilege vulnerabilities in VS Code prior to 1.97.1. Technical details in connected sources show two issues: (1) an elevation of privilege in the code serve-web path on Windows where an attacker could place a malicious...
CVE-2025-21264
Visual Studio Code (VS Code) is affected by CVE-2025-21264, a local vulnerability described as a security feature bypass. The issue permits an unauthorized, local attacker to bypass a security feature due to how VS Code handles files/directories accessible to external parties and trusted domains....
CVE-2021-28477
CVE-2021-28477 is a remote code execution vulnerability affecting Visual Studio Code and related tooling. The connected sources describe it within a batch of Microsoft developer-tools CVEs and note that the April 2021 security update for Visual Studio Code addresses this issue; the Tenable NASL e...
CVE-2021-28471
CVE-2021-28471 is a Remote Development Extension for Visual Studio Code remote code execution vulnerability. The NVD/OSV entries rate it HIGH (CVSS v3.1: LOCAL, LOW/LOCAL, UI REQUIRED, C/H/I/H/A/H). The vulnerability affects Visual Studio Code components and related tools (e.g., Remote Developmen...
CVE-2025-26631
CVE-2025-26631 affects Visual Studio Code and is described as an Uncontrolled search path element that can allow an authorized, local attacker to escalate privileges. Connected sources (e.g., Nessus plugin for Microsoft Visual Studio Code security update) note that the issue affects installations...
CVE-2026-47292
CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...
CVE-2026-41611
Technical details about CVE-2026-41611 are not provided in the supplied documents. No specifics on affected versions, root cause, or remediation are included. Monitor for updates from official sources.
CVE-2018-0597
CVE-2018-0597 is an untrusted search path vulnerability in the Visual Studio Code installer. A malicious DLL located in the same directory as the installer can be loaded, enabling arbitrary code execution with the privileges of the invoking user. Affected component: the VS Code installer; root ca...
CVE-2026-48569
CVE-2026-48569 affects Visual Studio Code. It is caused by improper input validation in the editor, enabling a local attacker to bypass a security feature. CVSSv3.1: LOCAL attack vector, HIGH impact on confidentiality, LOW on integrity, NONE on availability; user interaction required. Details in ...
CVE-2026-57101
Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...