GitHub Copilot Chat

3 CVEs

CVE-2026-50519 HIGH PATCH Exploit Unlikely This Week

Information disclosure in GitHub Copilot Chat for Visual Studio Code (versions 1.0.0 up to but not including 1.123.2) lets a remote, unauthenticated attacker read sensitive data over a network because an insecure default configuration exposes a resource that should be protected. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability effect. There is no public exploit identified at time of analysis and EPSS exploitation probability is low at 0.53% (40th percentile).

Information Disclosure Github Copilot Chat
NVD VulDB
CVSS 3.1: 7.5 | EPSS: 0.5%

CVE-2025-62449 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('path traversal') in the Visual Studio Code Copilot Chat extension allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.8), this vulnerability has low attack complexity. No vendor patch available.

Path Traversal Github Copilot Chat
NVD
CVSS 3.1: 6.8 | EPSS: 0.1%

CVE-2025-62222 HIGH This Month

Improper neutralization of special elements used in a command ('command injection') in the Visual Studio Code Copilot Chat extension allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Command Injection Github Copilot Chat
NVD
CVSS 3.1: 8.8 | EPSS: 0.4%