Security overview · zed-industries/zed · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Symlink Escape in Agent File Tools
GHSA-786m-x2vc-5235 published Feb 25, 2026 by swannysec

High
Zed Extension Sandbox Escape via Tar Symlink Following
GHSA-59p4-3mhm-qm3r published Feb 25, 2026 by swannysec

High
Zip Slip Path Traversal in Extension Archive Extraction
GHSA-v385-xh3h-rrfr published Feb 25, 2026 by swannysec

High
Parameter Values are not shown for MCP Tool Calls. Users cannot detect tool poisoning.
GHSA-f2g4-87h6-4pxq published Feb 10, 2026 by swannysec

Moderate
Zed IDE LSP Binary Configuration Arbitrary Code Execution
GHSA-29cp-2hmh-hcxj published Dec 17, 2025 by swannysec

High
Zed IDE MCP Context Server Configuration Arbitrary Code Execution
GHSA-cv6g-cmxc-vw8j published Dec 17, 2025 by swannysec

High
AI Agent Remote Code Execution
GHSA-x34m-39xw-g2wr published Aug 11, 2025 by JosephTLyons

Critical

Learn more about advisories related to zed-industries/zed in the GitHub Advisory Database