Visual Studio CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (292 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64660	1 Microsoft	1 Visual Studio Code	2025-11-26	8 High
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
CVE-2025-62453	2 Github, Microsoft	2 Copilot, Visual Studio Code	2025-11-26	5 Medium
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
CVE-2025-62449	1 Microsoft	3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension	2025-11-26	6.8 Medium
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVE-2025-62222	1 Microsoft	3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension	2025-11-26	8.8 High
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
CVE-2025-62214	1 Microsoft	2 Visual Studio, Visual Studio 2022	2025-11-26	6.7 Medium
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
CVE-2025-55248	4 Apple, Linux, Microsoft and 1 more	22 Macos, Linux Kernel, .net and 19 more	2025-11-22	4.8 Medium
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55240	1 Microsoft	4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more	2025-11-22	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-55315	2 Microsoft, Redhat	4 Asp.net Core, Visual Studio, Visual Studio 2022 and 1 more	2025-11-22	9.9 Critical
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-55319	1 Microsoft	1 Visual Studio Code	2025-11-21	8.8 High
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
CVE-2025-53773	2 Github, Microsoft	3 Copilot, Visual Studio, Visual Studio 2022	2025-11-10	7.8 High
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2023-44487	32 Akka, Amazon, Apache and 29 more	367 Http Server, Opensearch Data Prepper, Apisix and 364 more	2025-11-07	7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-36792	1 Microsoft	16 .net, .net Framework, Visual Studio 2017 and 13 more	2025-10-30	7.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2023-36793	1 Microsoft	16 .net, .net Framework, Visual Studio 2017 and 13 more	2025-10-30	7.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2023-36794	1 Microsoft	16 .net, .net Framework, Visual Studio 2017 and 13 more	2025-10-30	7.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2023-36796	1 Microsoft	16 .net, .net Framework, Visual Studio 2017 and 13 more	2025-10-30	7.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2023-36799	2 Microsoft, Redhat	4 .net, Visual Studio 2022, Enterprise Linux and 1 more	2025-10-30	6.5 Medium
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-36742	1 Microsoft	1 Visual Studio Code	2025-10-30	7.8 High
Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-36758	1 Microsoft	1 Visual Studio 2022	2025-10-30	7.8 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36759	1 Microsoft	2 Visual Studio 2019, Visual Studio 2022	2025-10-30	6.7 Medium
Visual Studio Elevation of Privilege Vulnerability
CVE-2020-1147	2 Microsoft, Redhat	18 .net Core, .net Framework, Sharepoint Enterprise Server and 15 more	2025-10-29	7.8 High
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Page 1 of 15. next last »