VYPR
Vendor: Roo Code

Products: 2
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)

  • CVE-2025-54377 | High | Jul 23, 2025
    risk 0.00 | cvss 7.8 | epss 0.01

    Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or…

  • CVE-2025-53536 | High | Jul 7, 2025
    risk 0.00 | cvss 8.1 | epss 0.01

    Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that.…

  • CVE-2025-53098 | High | Jun 27, 2025
    risk 0.00 | cvss 8.1 | epss 0.01

    Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version…

  • CVE-2025-53097 | Medium | Jun 27, 2025
    risk 0.00 | cvss 5.9 | epss 0.00

    Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a…