Visual Studio Code — Known Vulnerabilities
56 vulnerabilities mapped against this product across all versions. Grouped by the release each fix landed in — newest tracked release v56.
Still affects the latest release (v56) 16
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current…
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If…
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Visual Studio Code Information Disclosure Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If…
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
Fixed in v1.x 40
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
Visual Studio Code for Linux Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Microsoft Visual Studio Spoofing Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current…
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Visual Studio Code Remote Code Execution Vulnerability
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
