npm/code-server — 4 CVEs

CRITICAL9.3CVE-2023-26114code-server vulnerable to Missing Origin Validation in WebSockets

from 0, < 4.10.1

HIGH8.3CVE-2025-47269code-server's session cookie can be extracted by having user visit specially crafted proxy URL

from 0, < 4.99.4

HIGH7.5CVE-2021-3810Inefficient Regular Expression Complexity in code-server

from 0, < 3.12.0

MEDIUM6.1Cross site scripting in code-server

from 0, < 3.12.0

pkg:npm/code-server