Visual Studio Code CoPilot Chat Extension
by Microsoft
CVEs (18)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43907 | | Cri | 0.64 | 9.8 | 0.04 | | Dec 15, 2021 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability |
| CVE-2024-49050 | | Hig | 0.57 | 8.8 | 0.01 | | Nov 12, 2024 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| CVE-2021-27084 | | Hig | 0.56 | 7.8 | 0.61 | | Mar 11, 2021 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
| CVE-2025-49714 | | Hig | 0.51 | 7.8 | 0.00 | | Jul 8, 2025 | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. |
| CVE-2020-17163 | | Hig | 0.51 | 7.8 | 0.01 | | Dec 29, 2023 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| CVE-2023-36018 | | Hig | 0.51 | 7.8 | 0.02 | | Nov 14, 2023 | Visual Studio Code Jupyter Extension Spoofing Vulnerability |
| CVE-2022-41083 | | Hig | 0.51 | 7.8 | 0.01 | | Oct 11, 2022 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2021-26700 | | Hig | 0.51 | 7.8 | 0.06 | | Feb 25, 2021 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability |
| CVE-2020-17150 | | Hig | 0.51 | 7.8 | 0.03 | | Dec 10, 2020 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2020-17148 | | Hig | 0.51 | 7.8 | 0.04 | | Dec 10, 2020 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
| CVE-2025-24042 | | Hig | 0.48 | 7.3 | 0.01 | | Feb 11, 2025 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
| CVE-2025-21264 | | Hig | 0.46 | 7.1 | 0.01 | | May 13, 2025 | Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2024-49049 | | Hig | 0.46 | 7.1 | 0.00 | | Nov 12, 2024 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
| CVE-2020-16977 | | Hig | 0.46 | 7.0 | 0.03 | | Oct 16, 2020 | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on… |
| CVE-2026-21523 | | | 0.00 | — | 0.01 | | Feb 10, 2026 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
| CVE-2026-21518 | | | 0.00 | — | 0.01 | | Feb 10, 2026 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-62449 | | | 0.00 | — | 0.00 | | Nov 11, 2025 | Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally. |
| CVE-2025-62222 | | | 0.00 | — | 0.01 | | Nov 11, 2025 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network. |