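This page lists publicly disclosed CVE vulnerabilities affecting microsoft github_copilot (associated via NVD CPE). Each row includes a severity score, a summary, and the publication date, to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |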
|---|---|---|---|---|---|---|
| CVE-2025-66389 | GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a file-handler URI parameter to fetch_webpage. Therefore, exfiltration could occur if there is indirect prompt injection. | [email protected] | 7.5 | 0.85% | 2026-06-22 | 2026-06-29 |
| CVE-2026-21516 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network. | [email protected] | 8.8 | 0.81% | 2026-02-10 | 2026-06-17 |
| CVE-2025-64671 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | [email protected] | 8.4 | 0.32% | 2025-12-09 | 2026-06-17 |