Visual Studio
by Microsoft
CVEs (157)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17104 | | | 0.01 | — | 0.04 | | Nov 11, 2020 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability |
| CVE-2020-17023 | | | 0.01 | — | 0.04 | | Oct 16, 2020 | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… |
| CVE-2020-16881 | | | 0.01 | — | 0.05 | | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is… |
| CVE-2020-16874 | | | 0.01 | — | 0.04 | | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with… |
| CVE-2020-16856 | | | 0.01 | — | 0.04 | | Sep 11, 2020 | A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with… |
| CVE-2020-0604 | | | 0.01 | — | 0.04 | | Aug 17, 2020 | A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged… |
| CVE-2020-1416 | | | 0.01 | — | 0.06 | | Jul 14, 2020 | An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. |
| CVE-2019-1425 | | | 0.01 | — | 0.03 | | Nov 12, 2019 | An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. |
| CVE-2019-0657 | | | 0.01 | — | 0.05 | | Mar 6, 2019 | A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. |
| CVE-2019-0728 | | | 0.01 | — | 0.28 | | Mar 6, 2019 | A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. |
| CVE-2019-0613 | | | 0.01 | — | 0.15 | | Mar 6, 2019 | A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET… |
| CVE-2014-3802 | | | 0.01 | — | 0.11 | | May 20, 2014 | msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a… |
| CVE-2011-1280 | | | 0.01 | — | 0.15 | | Jun 16, 2011 | The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote… |
| CVE-2001-0153 | | | 0.01 | — | 0.12 | | May 3, 2001 | Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. |
| CVE-2000-0162 | | | 0.01 | — | 0.08 | | Feb 18, 2000 | The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. |
| CVE-2025-65716 | | | 0.00 | — | 0.01 | | Feb 16, 2026 | An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file. |
| CVE-2026-21257 | | | 0.00 | — | 0.01 | | Feb 10, 2026 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-21523 | | | 0.00 | — | 0.01 | | Feb 10, 2026 | Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
| CVE-2026-21518 | | | 0.00 | — | 0.01 | | Feb 10, 2026 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-64660 | | | 0.00 | — | 0.00 | | Nov 20, 2025 | Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. |