Microsoft Visual Studio Code

Do you want an email whenever new security vulnerabilities are reported in Microsoft Visual Studio Code?

Recent Microsoft Visual Studio Code Security Advisories

Advisory	Title	Published
CVE-2023-29338	Visual Studio Code Information Disclosure Vulnerability	May 9, 2023
CVE-2023-24893	Visual Studio Code Remote Code Execution Vulnerability	April 11, 2023
CVE-2023-21779	Visual Studio Code Remote Code Execution	January 10, 2023
CVE-2022-41034	Visual Studio Code Remote Code Execution Vulnerability	October 11, 2022
CVE-2022-41083	Visual Studio Code Elevation of Privilege Vulnerability	October 11, 2022
CVE-2022-41042	Visual Studio Code Information Disclosure Vulnerability	October 11, 2022
CVE-2022-38020	Visual Studio Code Elevation of Privilege Vulnerability	September 13, 2022
CVE-2022-30129	Visual Studio Code Remote Code Execution Vulnerability	May 10, 2022
CVE-2022-26921	Visual Studio Code Elevation of Privilege Vulnerability	April 12, 2022
CVE-2022-24526	Visual Studio Code Spoofing Vulnerability	March 8, 2022

By the Year

In 2023 there have been 3 vulnerabilities in Microsoft Visual Studio Code with an average score of 6.9 out of ten. Last year Visual Studio Code had 7 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.66

Year	Vulnerabilities	Average Score
2023	3	6.87
2022	7	7.53
2021	19	7.36
2020	12	8.05
2019	1	7.80
2018	1	7.80

It may take a day or so for new Visual Studio Code vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Code Security Vulnerabilities

Visual Studio Code Information Disclosure Vulnerability

CVE-2023-29338 5 - Medium - May 09, 2023

Visual Studio Code Information Disclosure Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-24893 7.8 - High - April 11, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-21779 7.8 - High - January 10, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability.

CVE-2022-41034 7.8 - High - October 11, 2022

Visual Studio Code Remote Code Execution Vulnerability.

Visual Studio Code Information Disclosure Vulnerability.

CVE-2022-41042 7.4 - High - October 11, 2022

Visual Studio Code Information Disclosure Vulnerability.

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Remote Code Execution Vulnerability.

CVE-2022-30129 8.8 - High - May 10, 2022

Visual Studio Code Remote Code Execution Vulnerability.

Visual Studio Code Elevation of Privilege Vulnerability.

CVE-2022-26921 7.8 - High - April 15, 2022

Visual Studio Code Elevation of Privilege Vulnerability.

Visual Studio Code Spoofing Vulnerability.

CVE-2022-24526 5.5 - Medium - March 09, 2022

Visual Studio Code Spoofing Vulnerability.

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability.

CVE-2022-21991 8.1 - High - February 09, 2022

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-43891 7.8 - High - December 15, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Spoofing Vulnerability

CVE-2021-43908 4.3 - Medium - December 15, 2021

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2021-42322 7.8 - High - November 10, 2021

Visual Studio Code Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Code Spoofing Vulnerability

CVE-2021-26437 3.3 - Low - September 15, 2021

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34528 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34529.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34529 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34528.

Microsoft Visual Studio Spoofing Vulnerability

CVE-2021-34479 5.5 - Medium - July 14, 2021

Microsoft Visual Studio Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31214 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31211.

Command Injection

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31211 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31214.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28469 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28471 7.8 - High - April 13, 2021

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28457 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28477 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28475 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477.

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28473 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477.

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code

CVE-2021-28967 9.8 - Critical - March 24, 2021

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2021-27084 7.8 - High - March 11, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-27060 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-1639 7.8 - High - February 25, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2020-17159 7.8 - High - December 10, 2020

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Code Injection

Visual Studio Code Remote Code Execution Vulnerability

CVE-2020-17150 7.8 - High - December 10, 2020

Visual Studio Code Remote Code Execution Vulnerability

Code Injection

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

CVE-2020-17148 7.8 - High - December 10, 2020

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Code Injection

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

CVE-2020-17104 7.8 - High - November 11, 2020

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

Improper Input Validation

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-17023 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file

CVE-2020-16977 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-16881 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.

Improper Input Validation

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2020-0604 8.8 - High - August 17, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies

CVE-2020-1416 8.8 - High - July 14, 2020

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

Improper Privilege Management

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings

CVE-2020-1192 7.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project

CVE-2020-1171 8.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer

CVE-2019-1414 7.8 - High - January 24, 2020

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2019-0728 7.8 - High - March 05, 2019

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

Code Injection

Untrusted search path vulnerability in the installer of Visual Studio Code

CVE-2018-0597 7.8 - High - June 26, 2018

Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Visual Studio Code or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Visual Studio Code
Product

Microsoft Visual Studio Code

Recent Microsoft Visual Studio Code Security Advisories

By the Year

Recent Microsoft Visual Studio Code Security Vulnerabilities

Visual Studio Code Information Disclosure Vulnerability CVE-2023-29338 5 - Medium - May 09, 2023

Visual Studio Code Remote Code Execution Vulnerability CVE-2023-24893 7.8 - High - April 11, 2023

Visual Studio Code Remote Code Execution Vulnerability CVE-2023-21779 7.8 - High - January 10, 2023

Visual Studio Code Remote Code Execution Vulnerability. CVE-2022-41034 7.8 - High - October 11, 2022

Visual Studio Code Information Disclosure Vulnerability. CVE-2022-41042 7.4 - High - October 11, 2022

Visual Studio Code Elevation of Privilege Vulnerability CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Remote Code Execution Vulnerability. CVE-2022-30129 8.8 - High - May 10, 2022

Visual Studio Code Elevation of Privilege Vulnerability. CVE-2022-26921 7.8 - High - April 15, 2022

Visual Studio Code Spoofing Vulnerability. CVE-2022-24526 5.5 - Medium - March 09, 2022

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. CVE-2022-21991 8.1 - High - February 09, 2022

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-43891 7.8 - High - December 15, 2021

Visual Studio Code Spoofing Vulnerability CVE-2021-43908 4.3 - Medium - December 15, 2021

Visual Studio Code Elevation of Privilege Vulnerability CVE-2021-42322 7.8 - High - November 10, 2021

Visual Studio Code Spoofing Vulnerability CVE-2021-26437 3.3 - Low - September 15, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-34528 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-34529 7.8 - High - July 14, 2021

Microsoft Visual Studio Spoofing Vulnerability CVE-2021-34479 5.5 - Medium - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-31214 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-31211 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28469 7.8 - High - April 13, 2021

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28471 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28457 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28477 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28475 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-28473 7.8 - High - April 13, 2021

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code CVE-2021-28967 9.8 - Critical - March 24, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability CVE-2021-27084 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-27060 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability CVE-2021-1639 7.8 - High - February 25, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability CVE-2020-17159 7.8 - High - December 10, 2020

Visual Studio Code Remote Code Execution Vulnerability CVE-2020-17150 7.8 - High - December 10, 2020

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability CVE-2020-17148 7.8 - High - December 10, 2020

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability CVE-2020-17104 7.8 - High - November 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file CVE-2020-17023 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file CVE-2020-16977 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file CVE-2020-16881 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project CVE-2020-0604 8.8 - High - August 17, 2020

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies CVE-2020-1416 8.8 - High - July 14, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings CVE-2020-1192 7.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project CVE-2020-1171 8.8 - High - May 21, 2020

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer CVE-2019-1414 7.8 - High - January 24, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project CVE-2019-0728 7.8 - High - March 05, 2019

Untrusted search path vulnerability in the installer of Visual Studio Code CVE-2018-0597 7.8 - High - June 26, 2018

Stay on top of Security Vulnerabilities

Microsoft Vendor

Microsoft Visual Studio CodeProduct

Visual Studio Code Information Disclosure Vulnerability

CVE-2023-29338 5 - Medium - May 09, 2023

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-24893 7.8 - High - April 11, 2023

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-21779 7.8 - High - January 10, 2023

Visual Studio Code Remote Code Execution Vulnerability.

CVE-2022-41034 7.8 - High - October 11, 2022

Visual Studio Code Information Disclosure Vulnerability.

CVE-2022-41042 7.4 - High - October 11, 2022

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Remote Code Execution Vulnerability.

CVE-2022-30129 8.8 - High - May 10, 2022

Visual Studio Code Elevation of Privilege Vulnerability.

CVE-2022-26921 7.8 - High - April 15, 2022

Visual Studio Code Spoofing Vulnerability.

CVE-2022-24526 5.5 - Medium - March 09, 2022

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability.

CVE-2022-21991 8.1 - High - February 09, 2022

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-43891 7.8 - High - December 15, 2021

Visual Studio Code Spoofing Vulnerability

CVE-2021-43908 4.3 - Medium - December 15, 2021

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2021-42322 7.8 - High - November 10, 2021

Visual Studio Code Spoofing Vulnerability

CVE-2021-26437 3.3 - Low - September 15, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34528 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34529 7.8 - High - July 14, 2021

Microsoft Visual Studio Spoofing Vulnerability

CVE-2021-34479 5.5 - Medium - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31214 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31211 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28469 7.8 - High - April 13, 2021

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28471 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28457 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28477 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28475 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28473 7.8 - High - April 13, 2021

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code

CVE-2021-28967 9.8 - Critical - March 24, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2021-27084 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-27060 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-1639 7.8 - High - February 25, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2020-17159 7.8 - High - December 10, 2020

Visual Studio Code Remote Code Execution Vulnerability

CVE-2020-17150 7.8 - High - December 10, 2020

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

CVE-2020-17148 7.8 - High - December 10, 2020

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

CVE-2020-17104 7.8 - High - November 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-17023 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file

CVE-2020-16977 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-16881 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2020-0604 8.8 - High - August 17, 2020

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies

CVE-2020-1416 8.8 - High - July 14, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings

CVE-2020-1192 7.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project

CVE-2020-1171 8.8 - High - May 21, 2020

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer

CVE-2019-1414 7.8 - High - January 24, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2019-0728 7.8 - High - March 05, 2019

Untrusted search path vulnerability in the installer of Visual Studio Code

CVE-2018-0597 7.8 - High - June 26, 2018

Microsoft
Vendor

Microsoft Visual Studio Code
Product