CVE Vulnerabilities for Microsoft Visual Studio Code
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2026‑41109 | 2026‑05‑12 18:17:22 | HIGH (9) | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | 3 | 6 | NETWORK |
| CVE‑2026‑21523 | 2026‑02‑10 18:16:35 | HIGH (8) | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. | 2 | 6 | NETWORK |
| CVE‑2026‑21518 | 2026‑02‑10 18:16:34 | HIGH (9) | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. | 3 | 6 | NETWORK |
| CVE‑2025‑64660 | 2025‑11‑20 23:15:57 | HIGH (8) | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. | 2 | 6 | NETWORK |
| CVE‑2025‑62453 | 2025‑11‑11 18:15:50 | MEDIUM (5) | Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally. | 1 | 4 | LOCAL |
| CVE‑2021‑34479 | 2021‑07‑14 18:15:11 | HIGH (8) | Microsoft Visual Studio Spoofing Vulnerability | 2 | 6 | LOCAL |
| CVE‑2020‑16977 | 2020‑10‑16 23:15:17 | HIGH (7) | <p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p> | 1 | 6 | LOCAL |
| CVE‑2020‑1192 | 2020‑05‑21 23:15:19 | HIGH (8) | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171. | 2 | 6 | LOCAL |
| CVE‑2020‑1171 | 2020‑05‑21 23:15:18 | HIGH (9) | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192. | 3 | 6 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.