Browse all 6 CVE security advisories affecting coder. AI-powered Chinese analysis, POCs, and references for each vulnerability.
This individual develops software applications with a primary focus on functionality and feature delivery. Historically, their code has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to six CVEs. Their development practices often prioritize rapid implementation over secure coding, resulting in input validation weaknesses and improper access controls. While no major public security incidents have been directly linked to their work, the consistent pattern of vulnerabilities suggests systemic security gaps in their approach. Their codebase requires regular security reviews and remediation efforts to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35454 | Code Extension Marketplace has a Zip Slip Path Traversal — code-marketplaceCWE-22 | 6.2AI | MediumAI | 2026-04-06 |
| CVE-2025-66411 | Coder logged sensitive objects unsanitized — coderCWE-532 | 7.8 | High | 2025-12-03 |
| CVE-2025-59956 | AgentAPI exposed user chat history via a DNS rebinding attack — agentapiCWE-350 | 6.5 | Medium | 2025-09-29 |
| CVE-2025-58437 | Coder's privilege escalation vulnerability could lead to a cross workspace compromise — coderCWE-613 | 8.1 | High | 2025-09-06 |
| CVE-2025-47269 | code-server session cookie can be extracted by having user visit specially crafted proxy URL — code-serverCWE-441 | 8.3 | High | 2025-05-09 |
| CVE-2024-27918 | Coder's OIDC authentication allows email with partially matching domain to register — coderCWE-20 | 8.2 | High | 2024-03-06 |
This page lists every published CVE security advisory associated with coder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.