Visual Studio CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (294 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-55240	1 Microsoft	4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more	2026-01-07	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-68120	2 Go, Microsoft	2 Go, Visual Studio Code	2026-01-06	5.4 Medium
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
CVE-2025-55248	4 Apple, Linux, Microsoft and 1 more	22 Macos, Linux Kernel, .net and 19 more	2026-01-02	4.8 Medium
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55315	2 Microsoft, Redhat	4 Asp.net Core, Visual Studio, Visual Studio 2022 and 1 more	2026-01-02	9.9 Critical
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-64660	1 Microsoft	1 Visual Studio Code	2026-01-02	8 High
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
CVE-2025-62453	2 Github, Microsoft	2 Copilot, Visual Studio Code	2026-01-02	5 Medium
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
CVE-2025-62449	1 Microsoft	3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension	2026-01-02	6.8 Medium
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
CVE-2025-62222	1 Microsoft	3 Github Copilot Chat, Visual Studio, Visual Studio Code Copilot Chat Extension	2026-01-02	8.8 High
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
CVE-2025-62214	1 Microsoft	2 Visual Studio, Visual Studio 2022	2026-01-02	6.7 Medium
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
CVE-2025-55319	1 Microsoft	1 Visual Studio Code	2025-12-23	8.8 High
Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.
CVE-2024-30052	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2025-12-17	4.7 Medium
Visual Studio Remote Code Execution Vulnerability
CVE-2024-29060	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2025-12-17	6.7 Medium
Visual Studio Elevation of Privilege Vulnerability
CVE-2025-24042	1 Microsoft	2 Visual Studio Code, Vscode-js-debug	2025-12-17	7.3 High
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
CVE-2025-24039	1 Microsoft	1 Visual Studio Code	2025-12-17	7.3 High
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2025-21206	1 Microsoft	4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more	2025-12-17	7.3 High
Visual Studio Installer Elevation of Privilege Vulnerability
CVE-2025-24070	2 Microsoft, Redhat	4 Asp.net Core, Visual Studio 2022, Enterprise Linux and 1 more	2025-12-17	7 High
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-26631	1 Microsoft	1 Visual Studio Code	2025-12-17	7.3 High
Uncontrolled search path element in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2025-25003	1 Microsoft	3 Visual Studio, Visual Studio 2019, Visual Studio 2022	2025-12-17	7.3 High
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-24998	1 Microsoft	4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more	2025-12-17	7.3 High
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2024-30105	2 Microsoft, Redhat	5 .net, Powershell, Visual Studio and 2 more	2025-12-09	7.5 High
.NET and Visual Studio Denial of Service Vulnerability

Page 1 of 15. next last »