Visual Studio Code CVEs and Security Vulnerabilities

Filtered by vendor Microsoft Subscriptions

Filtered by product Visual Studio Code Subscriptions

Search

Switch to Advanced Search (Beta)

Total 69 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-47292	1 Microsoft	2 Visual Studio Code, Visual Studio Code Mssql Extension	2026-06-15	7.8 High
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47284	1 Microsoft	1 Visual Studio Code	2026-06-15	6.5 Medium
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-48569	1 Microsoft	1 Visual Studio Code	2026-06-12	7.1 High
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-40376	1 Microsoft	1 Visual Studio Code	2026-06-11	7.5 High
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-47281	1 Microsoft	1 Visual Studio Code	2026-06-10	9.6 Critical
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2024-43488	1 Microsoft	1 Visual Studio Code	2026-06-09	8.8 High
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
CVE-2024-43601	2 Linux, Microsoft	3 Linux Kernel, Visual Studio Code, Visual Studio Code For Linux	2026-06-09	7.8 High
Visual Studio Code for Linux Remote Code Execution Vulnerability
CVE-2026-47287	1 Microsoft	1 Visual Studio Code	2026-06-09	6.5 Medium
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-41611	1 Microsoft	1 Visual Studio Code	2026-05-15	7.8 High
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
CVE-2026-41612	1 Microsoft	2 Live Preview, Visual Studio Code	2026-05-15	5.5 Medium
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
CVE-2026-41610	1 Microsoft	1 Visual Studio Code	2026-05-13	6.3 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-41109	1 Microsoft	1 Visual Studio Code	2026-05-13	8.8 High
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-41613	1 Microsoft	1 Visual Studio Code	2026-05-12	8.8 High
Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-21518	1 Microsoft	2 Visual Studio Code, Visual Studio Code Copilot Chat Extension	2026-04-15	8.8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21523	1 Microsoft	2 Visual Studio Code, Visual Studio Code Copilot Chat Extension	2026-04-15	8 High
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2025-24042	1 Microsoft	2 Visual Studio Code, Vscode-js-debug	2026-02-26	7.3 High
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
CVE-2025-32726	1 Microsoft	1 Visual Studio Code	2026-02-26	6.8 Medium
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-49714	1 Microsoft	2 Python, Visual Studio Code	2026-02-26	7.8 High
Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.
CVE-2025-55319	1 Microsoft	1 Visual Studio Code	2026-02-26	8.8 High
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
CVE-2025-64660	1 Microsoft	1 Visual Studio Code	2026-02-26	8 High
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.

Page 1 of 4. next last »