52 known vulnerabilities · sorted by CVSS score
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
Visual Studio Code Elevation of Privilege Vulnerability
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
Microsoft Visual Studio Spoofing Vulnerability