Microsoft Visual Studio Code vulnerabilities
52 known vulnerabilities affecting microsoft/visual_studio_code.
Total CVEs
52
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH45MEDIUM7
Vulnerabilities
Page 1 of 3
CVE-2026-21518HIGHCVSS 8.8fixed in 1.109.2≥ 1.0.0, < 1.110.12026-02-10
CVE-2026-21518 [HIGH] CWE-77 CVE-2026-21518: Improper neutralization of special elements used in a command ('command injection') in GitHub Copilo
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2026-21523HIGHCVSS 8.0fixed in 1.109.2≥ 1.0.0, < 1.109.22026-02-10
CVE-2026-21523 [HIGH] CWE-367 CVE-2026-21523: Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an auth
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-64660HIGHCVSS 8.0fixed in 1.106.2≥ 1.0.0, < 1.106.22025-11-20
CVE-2025-64660 [HIGH] CWE-284 CVE-2025-64660: Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to ex
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-62453MEDIUMCVSS 5.0fixed in 1.105.0≥ 1.0.0, < 1.105.02025-11-11
CVE-2025-62453 [MEDIUM] CWE-693 CVE-2025-62453: Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an autho
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
cvelistv5nvd
CVE-2025-55319HIGHCVSS 8.8fixed in 1.104.0≥ 1.0.0, < 1.104.02025-09-12
CVE-2025-55319 [HIGH] CWE-77 CVE-2025-55319: Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
cvelistv5nvd
CVE-2025-21264HIGHCVSS 7.1fixed in 1.100.1≥ 1.0.0, < 1.100.12025-05-13
CVE-2025-21264 [HIGH] CWE-552 CVE-2025-21264: Files or directories accessible to external parties in Visual Studio Code allows an unauthorized att
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
cvelistv5nvd
CVE-2025-32726MEDIUMCVSS 6.8fixed in 1.99.1≥ 1.0.0, < 1.99.12025-04-12
CVE-2025-32726 [MEDIUM] CWE-284 CVE-2025-32726: Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges lo
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-26631HIGHCVSS 7.3fixed in 1.98.0≥ 1.0.0, < 1.98.02025-03-11
CVE-2025-26631 [HIGH] CWE-427 CVE-2025-26631: Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate priv
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
cvelistv5nvd
CVE-2025-24039HIGHCVSS 7.3fixed in 1.97.1≥ 1.0.0, < 1.97.12025-02-11
CVE-2025-24039 [HIGH] CWE-427 CVE-2025-24039: Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2025-24042HIGHCVSS 7.3fixed in 1.97.12025-02-11
CVE-2025-24042 [HIGH] CWE-284 CVE-2025-24042: Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
nvd
CVE-2024-43488HIGHCVSS 8.8vN/A2024-10-08
CVE-2024-43488 [HIGH] CWE-306 CVE-2024-43488: Missing authentication for critical function in Visual Studio Code extension for Arduino allows an u
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
cvelistv5nvd
CVE-2024-43601HIGHCVSS 7.8fixed in 1.94.12024-10-08
CVE-2024-43601 [HIGH] CWE-77 CVE-2024-43601: Visual Studio Code for Linux Remote Code Execution Vulnerability
Visual Studio Code for Linux Remote Code Execution Vulnerability
nvd
CVE-2024-26165HIGHCVSS 8.8fixed in 1.87.2≥ 1.0.0, < 1.87.22024-03-12
CVE-2024-26165 [HIGH] CWE-256 CVE-2024-26165: Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2023-36742HIGHCVSS 7.8fixed in 1.82.1≥ 1.0.0, < 1.82.12023-09-12
CVE-2023-36742 [HIGH] CVE-2023-36742: Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2023-33144MEDIUMCVSS 6.6≥ 1.0.0, < 1.792023-06-13
CVE-2023-33144 [MEDIUM] CWE-23 Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
cvelistv5
CVE-2023-29338MEDIUMCVSS 6.6≥ 1.0.0, < 1.78.12023-05-09
CVE-2023-29338 [MEDIUM] CWE-285 Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
cvelistv5
CVE-2023-24893HIGHCVSS 7.8fixed in 1.77.0≥ 1.0.0, < 1.77.02023-04-11
CVE-2023-24893 [HIGH] CWE-20 CVE-2023-24893: Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2023-21779HIGHCVSS 7.8fixed in 1.74.3≥ 1.0.0, < 1.74.32023-01-10
CVE-2023-21779 [HIGH] CWE-502 CVE-2023-21779: Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2022-41042HIGHCVSS 7.4≥ 1.0.0, < 1.72.12022-10-11
CVE-2022-41042 [HIGH] CVE-2022-41042: Visual Studio Code Information Disclosure Vulnerability
Visual Studio Code Information Disclosure Vulnerability
cvelistv5nvd
CVE-2022-41034HIGHCVSS 7.8fixed in 1.72.1≥ 1.0.0, < 1.72.12022-10-11
CVE-2022-41034 [HIGH] CVE-2022-41034: Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
cvelistv5nvd
1 / 3Next →