Microsoft - Visual Studio Code CVE

Filtered by vendor Microsoft

Filtered by product Visual Studio Code

Total 52 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-17023	1 Microsoft	1 Visual Studio Code	2026-02-23	9.3 HIGH	7.8 HIGH
<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> < ... Show More
CVE-2020-16977	1 Microsoft	1 Visual Studio Code	2026-02-23	9.3 HIGH	7.0 HIGH
<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit ... Show More
CVE-2020-16881	1 Microsoft	1 Visual Studio Code	2026-02-23	9.3 HIGH	7.8 HIGH
<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> < ... Show More
CVE-2026-21518	1 Microsoft	1 Visual Studio Code	2026-02-23	N/A	8.8 HIGH
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2020-0604	1 Microsoft	1 Visual Studio Code	2026-02-23	9.3 HIGH	7.8 HIGH
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit thi ... Show More
CVE-2025-55319	1 Microsoft	1 Visual Studio Code	2026-02-20	N/A	8.8 HIGH
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
CVE-2026-21523	1 Microsoft	1 Visual Studio Code	2026-02-11	N/A	8.0 HIGH
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2025-64660	1 Microsoft	1 Visual Studio Code	2025-11-26	N/A	8.0 HIGH
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
CVE-2025-62453	1 Microsoft	1 Visual Studio Code	2025-11-14	N/A	5.0 MEDIUM
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
CVE-2020-17148	1 Microsoft	1 Visual Studio Code	2025-08-28	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2025-32726	1 Microsoft	1 Visual Studio Code	2025-07-08	N/A	6.8 MEDIUM
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-26631	1 Microsoft	1 Visual Studio Code	2025-07-03	N/A	7.3 HIGH
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-24042	1 Microsoft	1 Visual Studio Code	2025-07-02	N/A	7.3 HIGH
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
CVE-2025-24039	1 Microsoft	1 Visual Studio Code	2025-07-02	N/A	7.3 HIGH
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2025-21264	1 Microsoft	1 Visual Studio Code	2025-05-19	N/A	7.1 HIGH
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2022-41042	1 Microsoft	1 Visual Studio Code	2025-01-02	N/A	7.4 HIGH
Visual Studio Code Information Disclosure Vulnerability
CVE-2022-41034	1 Microsoft	1 Visual Studio Code	2025-01-02	N/A	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-30129	1 Microsoft	1 Visual Studio Code	2025-01-02	6.8 MEDIUM	8.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2024-26165	1 Microsoft	1 Visual Studio Code	2024-12-27	N/A	8.8 HIGH
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2023-36742	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-33144	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	6.6 MEDIUM
Visual Studio Code Spoofing Vulnerability
CVE-2023-29338	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	6.6 MEDIUM
Visual Studio Code Spoofing Vulnerability
CVE-2023-24893	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-21779	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-38020	1 Microsoft	1 Visual Studio Code	2024-11-21	N/A	7.3 HIGH
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-26921	1 Microsoft	1 Visual Studio Code	2024-11-21	4.6 MEDIUM	7.3 HIGH
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-24526	1 Microsoft	1 Visual Studio Code	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
Visual Studio Code Spoofing Vulnerability
CVE-2022-21991	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	8.1 HIGH
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2021-43908	1 Microsoft	1 Visual Studio Code	2024-11-21	4.3 MEDIUM	4.3 MEDIUM
Visual Studio Code Spoofing Vulnerability
CVE-2021-43891	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-42322	1 Microsoft	1 Visual Studio Code	2024-11-21	4.6 MEDIUM	7.8 HIGH
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-34529	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34528	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34479	1 Microsoft	1 Visual Studio Code	2024-11-21	4.3 MEDIUM	7.8 HIGH
Microsoft Visual Studio Spoofing Vulnerability
CVE-2021-31214	1 Microsoft	1 Visual Studio Code	2024-11-21	9.3 HIGH	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31211	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28477	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.0 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28475	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28473	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471	1 Microsoft	1 Visual Studio Code	2024-11-21	6.8 MEDIUM	7.8 HIGH
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

Vulnerabilities (CVE)