Visual Studio Code Microsoft Visual Studio Code VSCode Developer IDE

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio Code.

Recent Microsoft Visual Studio Code Security Advisories

Advisory Title Published
CVE-2025-21264 CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability May 13, 2025
CVE-2025-20570 CVE-2025-20570 Visual Studio Code Elevation of Privilege Vulnerability April 8, 2025
CVE-2025-26631 CVE-2025-26631 Visual Studio Code Elevation of Privilege Vulnerability March 11, 2025
CVE-2025-24042 CVE-2025-24042 Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability February 11, 2025
CVE-2025-24039 CVE-2025-24039 Visual Studio Code Elevation of Privilege Vulnerability February 11, 2025
CVE-2024-49050 CVE-2024-49050 Visual Studio Code Python Extension Remote Code Execution Vulnerability November 12, 2024
CVE-2024-49049 CVE-2024-49049 Visual Studio Code Remote Extension Elevation of Privilege Vulnerability November 12, 2024
CVE-2024-43488 CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability October 8, 2024
CVE-2024-43601 CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability October 8, 2024
CVE-2024-26165 Visual Studio Code Elevation of Privilege Vulnerability March 12, 2024

By the Year

In 2025 there have been 0 vulnerabilities in Microsoft Visual Studio Code. Last year, in 2024 Visual Studio Code had 5 security vulnerabilities published. Right now, Visual Studio Code is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 5 8.46
2023 5 7.32
2022 7 7.54
2021 19 7.52
2020 12 7.90
2019 1 7.80
2018 1 7.80

It may take a day or so for new Visual Studio Code vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Code Security Vulnerabilities

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

CVE-2024-49049 7.1 - High - November 12, 2024

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

Authorization

VSCode Python Extension Remote Code Execution Vulnerability

CVE-2024-49050 8.8 - High - November 12, 2024

Visual Studio Code Python Extension Remote Code Execution Vulnerability

Trust Boundary Violation

Missing authentication for critical function in Visual Studio Code extension for Arduino

CVE-2024-43488 9.8 - Critical - October 08, 2024

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

Missing Authentication for Critical Function

Visual Studio Code for Linux Remote Code Execution Vulnerability

CVE-2024-43601 7.8 - High - October 08, 2024

Visual Studio Code for Linux Remote Code Execution Vulnerability

Command Injection

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2024-26165 8.8 - High - March 12, 2024

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-36742 7.8 - High - September 12, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Spoofing Vulnerability

CVE-2023-33144 6.6 - Medium - June 14, 2023

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Spoofing Vulnerability

CVE-2023-29338 6.6 - Medium - May 09, 2023

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-24893 7.8 - High - April 11, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-21779 7.8 - High - January 10, 2023

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Information Disclosure Vulnerability

CVE-2022-41042 7.4 - High - October 11, 2022

Visual Studio Code Information Disclosure Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2022-41034 7.8 - High - October 11, 2022

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2022-38020 7.3 - High - September 13, 2022

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2022-30129 8.8 - High - May 10, 2022

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2022-26921 7.3 - High - April 15, 2022

Visual Studio Code Elevation of Privilege Vulnerability

Visual Studio Code Spoofing Vulnerability

CVE-2022-24526 6.1 - Medium - March 09, 2022

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

CVE-2022-21991 8.1 - High - February 09, 2022

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-43891 7.8 - High - December 15, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Spoofing Vulnerability

CVE-2021-43908 4.3 - Medium - December 15, 2021

Visual Studio Code Spoofing Vulnerability

Visual Studio Code Elevation of Privilege Vulnerability

CVE-2021-42322 7.8 - High - November 10, 2021

Visual Studio Code Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Code Spoofing Vulnerability

CVE-2021-26437 5.5 - Medium - September 15, 2021

Visual Studio Code Spoofing Vulnerability

Microsoft Visual Studio Spoofing Vulnerability

CVE-2021-34479 7.8 - High - July 14, 2021

Microsoft Visual Studio Spoofing Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34528 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-34529 7.8 - High - July 14, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31214 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-31211 7.8 - High - May 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28471 7.8 - High - April 13, 2021

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28469 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28457 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28477 7 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28475 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-28473 7.8 - High - April 13, 2021

Visual Studio Code Remote Code Execution Vulnerability

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code

CVE-2021-28967 9.8 - Critical - March 24, 2021

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2021-27084 7.8 - High - March 11, 2021

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-27060 7.8 - High - March 11, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-1639 7 - High - February 25, 2021

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

CVE-2020-17159 7.8 - High - December 10, 2020

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

CVE-2020-17148 7.8 - High - December 10, 2020

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2020-17150 7.8 - High - December 10, 2020

Visual Studio Code Remote Code Execution Vulnerability

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

CVE-2020-17104 7.8 - High - November 11, 2020

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-17023 7.8 - High - October 16, 2020

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file.</p> <p>The update address the vulnerability by modifying the way Visual Studio Code handles JSON files.</p>

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file

CVE-2020-16977 7 - High - October 16, 2020

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p>

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file

CVE-2020-16881 7.8 - High - September 11, 2020

<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opens the malicious 'package.json' file.</p> <p>The update address the vulnerability by modifying the way Visual Studio Code handles JSON files.</p>

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2020-0604 7.8 - High - August 17, 2020

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal. The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies

CVE-2020-1416 8.8 - High - July 14, 2020

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

Improper Privilege Management

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings

CVE-2020-1192 7.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171.

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project

CVE-2020-1171 8.8 - High - May 21, 2020

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192.

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer

CVE-2019-1414 7.8 - High - January 24, 2020

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project

CVE-2019-0728 7.8 - High - March 05, 2019

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

Code Injection

Untrusted search path vulnerability in the installer of Visual Studio Code

CVE-2018-0597 7.8 - High - June 26, 2018

Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Untrusted Path

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Visual Studio Code or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Visual Studio Code
VSCode Developer IDE

subscribe