Security: microsoft/vscode
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
GitHubCredentialProvider - Regex substring host match sends Basic-auth tokensGHSA-qcxw-jfff-cxpc published
Jun 9, 2026 by zhichliHigh -
Path traversal in profile snippets import allows writing files outside the profile directory (Zip-Slip)GHSA-hgwg-xqr5-q87f published
Jun 9, 2026 by sandy081Moderate -
Auto-Approved File Write via Unconfirmed Environment-Variable Path RedirectionGHSA-c82g-9gj4-hxp2 published
Jun 9, 2026 by meganroggeLow -
Unconfirmed Remote Host Connection via Workspace FileGHSA-5j3g-c7qg-xfvx published
Jun 9, 2026 by alexdimaHigh -
MCP Deeplink Install Lacked Essential InformationGHSA-9f6c-63gp-pwpf published
May 12, 2026 by connor4312High -
Apply patch sensitive file workaroundGHSA-rg3f-8xq5-hwh6 published
May 12, 2026 by connor4312High -
Remote Code Execution Vulnerability in webviewsGHSA-5vj9-2628-2rm4 published
May 12, 2026 by mjbvzModerate -
Remote Code Execution Vulnerability with Jupyter notebook markdown rendering in untrusted workspacesGHSA-v32f-vf7g-ggmw published
May 12, 2026 by mjbvzModerate -
Terminal auto replies restrictionGHSA-3pwg-f3hj-wp8p published
Feb 10, 2026 by meganroggeHigh -
URL unicode escapingGHSA-g84c-g4wq-2pwp published
Feb 10, 2026 by connor4312High