VYPR

Code Server

by Coder

Source repositories

CVEs (2)

  • CVE-2025-47269HigMay 9, 2025
    risk 0.50cvss 8.3epss 0.34

    code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can…

  • CVE-2021-42648May 11, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.