Microsoft Visual Studio Code
Recent Microsoft Visual Studio Code Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | March 12, 2024 |
CVE-2023-36018 | Visual Studio Code Jupyter Extension Spoofing Vulnerability | November 14, 2023 |
CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | September 12, 2023 |
CVE-2023-39956 | Electron: CVE-2023-39956 - Visual Studio Code Remote Code Execution Vulnerability | September 12, 2023 |
CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | July 11, 2023 |
CVE-2023-33144 | Visual Studio Code Spoofing Vulnerability | June 13, 2023 |
CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | May 9, 2023 |
CVE-2023-24893 | Visual Studio Code Remote Code Execution Vulnerability | April 11, 2023 |
CVE-2023-21779 | Visual Studio Code Remote Code Execution | January 10, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Microsoft Visual Studio Code. Last year Visual Studio Code had 5 security vulnerabilities published. Right now, Visual Studio Code is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 5 | 7.32 |
2022 | 7 | 7.54 |
2021 | 19 | 7.52 |
2020 | 12 | 7.90 |
2019 | 1 | 7.80 |
2018 | 1 | 7.80 |
It may take a day or so for new Visual Studio Code vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio Code Security Vulnerabilities
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-36742
7.8 - High
- September 12, 2023
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Spoofing Vulnerability
CVE-2023-33144
6.6 - Medium
- June 14, 2023
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Spoofing Vulnerability
CVE-2023-29338
6.6 - Medium
- May 09, 2023
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24893
7.8 - High
- April 11, 2023
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-21779
7.8 - High
- January 10, 2023
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-41034
7.8 - High
- October 11, 2022
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Information Disclosure Vulnerability
CVE-2022-41042
7.4 - High
- October 11, 2022
Visual Studio Code Information Disclosure Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-38020
7.3 - High
- September 13, 2022
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-30129
8.8 - High
- May 10, 2022
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-26921
7.3 - High
- April 15, 2022
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Spoofing Vulnerability
CVE-2022-24526
6.1 - Medium
- March 09, 2022
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2022-21991
8.1 - High
- February 09, 2022
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-43891
7.8 - High
- December 15, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Spoofing Vulnerability
CVE-2021-43908
4.3 - Medium
- December 15, 2021
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2021-42322
7.8 - High
- November 10, 2021
Visual Studio Code Elevation of Privilege Vulnerability
Improper Privilege Management
Visual Studio Code Spoofing Vulnerability
CVE-2021-26437
5.5 - Medium
- September 15, 2021
Visual Studio Code Spoofing Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34528
7.8 - High
- July 14, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-34529
7.8 - High
- July 14, 2021
Visual Studio Code Remote Code Execution Vulnerability
Microsoft Visual Studio Spoofing Vulnerability
CVE-2021-34479
7.8 - High
- July 14, 2021
Microsoft Visual Studio Spoofing Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31214
7.8 - High
- May 11, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-31211
7.8 - High
- May 11, 2021
Visual Studio Code Remote Code Execution Vulnerability
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28471
7.8 - High
- April 13, 2021
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28469
7.8 - High
- April 13, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28457
7.8 - High
- April 13, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28477
7 - High
- April 13, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28475
7.8 - High
- April 13, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-28473
7.8 - High
- April 13, 2021
Visual Studio Code Remote Code Execution Vulnerability
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code
CVE-2021-28967
9.8 - Critical
- March 24, 2021
The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2021-27084
7.8 - High
- March 11, 2021
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-27060
7.8 - High
- March 11, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2021-1639
7 - High
- February 25, 2021
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
CVE-2020-17148
7.8 - High
- December 10, 2020
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio Code Remote Code Execution Vulnerability
CVE-2020-17150
7.8 - High
- December 10, 2020
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
CVE-2020-17159
7.8 - High
- December 10, 2020
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
CVE-2020-17104
7.8 - High
- November 11, 2020
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file
CVE-2020-17023
7.8 - High
- October 16, 2020
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file. The update addresses the vulnerability by modifying the way Visual Studio Code handles JSON files.
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file
CVE-2020-16977
7 - High
- October 16, 2020
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed. The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file
CVE-2020-16881
7.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file. The update addresses the vulnerability by modifying the way Visual Studio Code handles JSON files.
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project
CVE-2020-0604
7.8 - High
- August 17, 2020
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal. The update addresses the vulnerability by modifying the way Visual Studio Code handles environment variables.
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies
CVE-2020-1416
8.8 - High
- July 14, 2020
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
Improper Privilege Management
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings
CVE-2020-1192
7.8 - High
- May 21, 2020
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project
CVE-2020-1171
8.8 - High
- May 21, 2020
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer
CVE-2019-1414
7.8 - High
- January 24, 2020
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project
CVE-2019-0728
7.8 - High
- March 05, 2019
A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
Code Injection
Untrusted search path vulnerability in the installer of Visual Studio Code
CVE-2018-0597
7.8 - High
- June 26, 2018
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Untrusted Path