Visual Studio CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (316 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-30399	4 Apple, Linux, Microsoft and 1 more	8 Macos, Linux Kernel, .net and 5 more	2026-02-20	7.5 High
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2025-62453	2 Github, Microsoft	2 Copilot, Visual Studio Code	2026-02-13	5 Medium
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
CVE-2025-62449	1 Microsoft	3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension	2026-02-13	6.8 Medium
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVE-2025-21405	1 Microsoft	1 Visual Studio 2022	2026-02-13	7.3 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2025-21173	3 Linux, Microsoft, Redhat	5 Linux Kernel, .net, Visual Studio 2022 and 2 more	2026-02-13	7.3 High
.NET Elevation of Privilege Vulnerability
CVE-2025-24039	1 Microsoft	1 Visual Studio Code	2026-02-13	7.3 High
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2025-21206	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2026-02-13	7.3 High
Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2025-26631	1 Microsoft	1 Visual Studio Code	2026-02-13	7.3 High
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-25003	1 Microsoft	2 Visual Studio 2019, Visual Studio 2022	2026-02-13	7.3 High
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24998	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2026-02-13	7.3 High
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24070	2 Microsoft, Redhat	4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more	2026-02-13	7 High
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-26682	1 Microsoft	2 Asp.net Core, Visual Studio 2022	2026-02-13	7.5 High
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-29804	1 Microsoft	1 Visual Studio 2022	2026-02-13	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29802	1 Microsoft	1 Visual Studio 2022	2026-02-13	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29803	1 Microsoft	7 .vsta Sdk, Sql Server Management Studio, Visual Studio Tools For Applications and 4 more	2026-02-13	7.3 High
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-21264	1 Microsoft	2 Visual Studio Code, Visual Studio Code Copilot Chat Extension	2026-02-13	7.1 High
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-32703	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2026-02-13	5.5 Medium
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2024-35264	2 Microsoft, Redhat	4 .net, Visual Studio, Visual Studio 2022 and 1 more	2026-02-10	8.1 High
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-68120	2 Go, Microsoft	2 Go, Visual Studio Code	2026-01-06	5.4 Medium
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
CVE-2024-30052	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2025-12-17	4.7 Medium
Visual Studio Remote Code Execution Vulnerability

« first previous Page 5 of 16. next last »