VYPR

Copilot CLI

by GitHub

CVEs (8)

  • CVE-2026-41109 | High | May 12, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-45033 | High | May 13, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution…

  • CVE-2026-29783 | High | Mar 6, 2026
    risk 0.44 | cvss 7.8 | epss 0.00

    The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository…

  • CVE-2026-23653 | Medium | Apr 14, 2026
    risk 0.37 | cvss 5.7 | epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.

  • CVE-2026-21256 | Feb 10, 2026
    risk 0.00 | cvss | epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

  • CVE-2026-21516 | Feb 10, 2026
    risk 0.00 | cvss | epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.

  • CVE-2026-21523 | Feb 10, 2026
    risk 0.00 | cvss | epss 0.01

    Time-of-check time-of-use (TOCTOU) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

  • CVE-2025-64660 | Nov 20, 2025
    risk 0.00 | cvss | epss 0.00

    Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.