This page lists published CVEs affecting microsoft github_copilot (associated via NVD CPE data). Each row includes severity metrics, a summary, and the publication date.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-66389 | GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection. | [email protected] | 7.5 | 0.85% | 2026-06-22 | 2026-06-29 |
| CVE-2026-21516 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network. | [email protected] | 8.8 | 0.81% | 2026-02-10 | 2026-06-17 |
| CVE-2025-64671 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | [email protected] | 8.4 | 0.32% | 2025-12-09 | 2026-06-17 |