Microsoft Github Copilot Chat — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Github Copilot Chat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-62222 — CVSS 8.8 (high): Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an…
CVE-2025-62449 — CVSS 6.8 (medium): Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an…
CVE-2026-50519 — CVSS 6.5 (medium): Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose…
CVE-2026-23653 — CVSS 5.7 (medium): Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an…