Visual Studio Code Microsoft Visual Studio Code VSCode Developer IDE


Recent Microsoft Visual Studio Code Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| CVE-2025-62453 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | November 11, 2025 |
| CVE-2025-62449 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | November 11, 2025 |
| CVE-2025-62222 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | November 11, 2025 |
| CVE-2025-55319 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | September 12, 2025 |
| CVE-2025-49714 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-32726 | Visual Studio Code Elevation of Privilege Vulnerability | July 4, 2025 |
| CVE-2025-21264 | Visual Studio Code Security Feature Bypass Vulnerability | May 13, 2025 |
| CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability | April 8, 2025 |
| CVE-2025-26631 | Visual Studio Code Elevation of Privilege Vulnerability | March 11, 2025 |
| CVE-2025-24042 | Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | February 11, 2025 |

By the Year

In 2025 there have been 8 vulnerabilities in Microsoft Visual Studio Code, with an average score of 7.2 out of ten. Last year, in 2024, Visual Studio Code had 5 security vulnerabilities published, so 3 more vulnerabilities have already been reported in 2025 than last year. Last year's average CVE base score was higher by 1.29.




| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2025 | 8 | 7.18 |
| 2024 | 5 | 8.46 |
| 2023 | 6 | 7.40 |
| 2022 | 7 | 7.54 |
| 2021 | 19 | 7.52 |
| 2020 | 12 | 7.90 |
| 2019 | 1 | 7.80 |
| 2018 | 1 | 7.80 |

It may take a day or so for new Visual Studio Code vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Code Security Vulnerabilities

Nov 2025: GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-62453 5 - Medium - November 11, 2025

Improper validation of generative AI output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.

CWE-1426

Sep 2025: Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
CVE-2025-55319 8.8 - High - September 12, 2025

AI command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.

Command Injection

VS Code Python Extension Local Code Exec via Trust Boundary Violation
CVE-2025-49714 7.8 - High - July 08, 2025

Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally.

Trust Boundary Violation

VS Code: Directory Access Bypass Enables Local External Access (CVE-2025-21264)
CVE-2025-21264 7.1 - High - May 13, 2025

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.

Files or Directories Accessible to External Parties

VS Code Improper Access Control Enables Local Privilege Escalation
CVE-2025-32726 6.8 - Medium - April 12, 2025

Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.

Authorization

CVE-2025-26631: Uncontrolled PATH in VS Code Enables Base Privilege Escalation.
CVE-2025-26631 7.3 - High - March 11, 2025

Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.

DLL preloading

VS Code Elevation of Privilege via Extension (CVE-2025-24039)
CVE-2025-24039 7.3 - High - February 11, 2025

Visual Studio Code Elevation of Privilege Vulnerability

DLL preloading

VSC JS Debug Extension Priv Esc Vulnerability
CVE-2025-24042 7.3 - High - February 11, 2025

Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

Authorization

VSCode Python Extension Remote Code Execution Vulnerability
CVE-2024-49050 8.8 - High - November 12, 2024

Visual Studio Code Python Extension Remote Code Execution Vulnerability

Trust Boundary Violation

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-49049 7.1 - High - November 12, 2024

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

Authorization

VS Code Linux RCE Vulnerability
CVE-2024-43601 7.8 - High - October 08, 2024

Visual Studio Code for Linux Remote Code Execution Vulnerability

Command Injection

Missing Auth in Arduino VS Code Extension Enables RCE
CVE-2024-43488 9.8 - Critical - October 08, 2024

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

Missing Authentication for Critical Function

VS Code Privilege Escalation via Unsanitized Input
CVE-2024-26165 8.8 - High - March 12, 2024

Visual Studio Code Elevation of Privilege Vulnerability

VS Code Python Extension RCE Vulnerability (CVE-2020-17163)
CVE-2020-17163 7.8 - High - December 29, 2023

Visual Studio Code Python Extension Remote Code Execution Vulnerability

Sep 2023: Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-36742 7.8 - High - September 12, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Spoofing Vulnerability
CVE-2023-33144 6.6 - Medium - June 14, 2023

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Spoofing Vulnerability
CVE-2023-29338 6.6 - Medium - May 09, 2023

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24893 7.8 - High - April 11, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-21779 7.8 - High - January 10, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-41034 7.8 - High - October 11, 2022

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Information Disclosure Vulnerability
CVE-2022-41042 7.4 - High - October 11, 2022

Visual Studio Code Information Disclosure Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-30129 8.8 - High - May 10, 2022

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-26921 7.3 - High - April 15, 2022

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Spoofing Vulnerability
CVE-2022-24526 6.1 - Medium - March 09, 2022

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2022-21991 8.1 - High - February 09, 2022

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-43891 7.8 - High - December 15, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Spoofing Vulnerability
CVE-2021-43908 4.3 - Medium - December 15, 2021

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-42322 7.8 - High - November 10, 2021

Visual Studio Code Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Code Spoofing Vulnerability
CVE-2021-26437 5.5 - Medium - September 15, 2021

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34528 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34529 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

Microsoft Visual Studio Spoofing Vulnerability
CVE-2021-34479 7.8 - High - July 14, 2021

Microsoft Visual Studio Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31214 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31211 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471 7.8 - High - April 13, 2021

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28469 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28477 7 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28473 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28475 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code
CVE-2021-28967 9.8 - Critical - March 24, 2021

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2021-27084 7.8 - High - March 11, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27060 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-1639 7 - High - February 25, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2020-17159 7.8 - High - December 10, 2020

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability
CVE-2020-17150 7.8 - High - December 10, 2020

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2020-17148 7.8 - High - December 10, 2020

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
CVE-2020-17104 7.8 - High - November 11, 2020

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file
CVE-2020-17023 7.8 - High - October 16, 2020

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file.

The update addresses the vulnerability by modifying the way Visual Studio Code handles JSON files.
