Microsoft Github Copilot — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Github Copilot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-21516 — CVSS 8.8 (high): Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to…
CVE-2025-64671 — CVSS 8.4 (high): Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute…
CVE-2025-66389 — CVSS 7.5 (high): GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to…