Browse all 6 CVE security advisories affecting coder. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35454 | Code Extension Marketplace has a Zip Slip Path Traversal | code-marketplace | CWE-22 | 6.2 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2025-66411 | Coder logged sensitive objects unsanitized | coder | CWE-532 | 7.8 | High | 2025-12-03 |
| CVE-2025-59956 | AgentAPI exposed user chat history via a DNS rebinding attack | agentapi | CWE-350 | 6.5 | Medium | 2025-09-29 |
| CVE-2025-58437 | Coder's privilege escalation vulnerability could lead to a cross workspace compromise | coder | CWE-613 | 8.1 | High | 2025-09-06 |
| CVE-2025-47269 | code-server session cookie can be extracted by having user visit specially crafted proxy URL | code-server | CWE-441 | 8.3 | High | 2025-05-09 |
| CVE-2024-27918 | Coder's OIDC authentication allows email with partially matching domain to register | coder | CWE-20 | 8.2 | High | 2024-03-06 |
This page lists every published CVE security advisory associated with coder. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.