About “Microsoft Visual Studio”

A curated feed of “Microsoft Visual Studio”-related CVEs appears below. We currently track 299 CVEs for this tag (all time). In the last 365 days, 35 were published. Average CVSS is 7.4 (all time; 7.1 over 365d), and 75% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-20 - Improper Input Validation, CWE-94 - Improper Control of Generation of Code ('Code Injection').

In our taxonomy this topic maps to a LOW impact class. Developer and CI/CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2023-04-11
High

CVE-2023-28296

Visual Studio Remote Code Execution Vulnerability

Medium

CVE-2023-28263

Visual Studio Information Disclosure Vulnerability

High

CVE-2023-28262

Visual Studio Elevation of Privilege Vulnerability

High

CVE-2023-24893

Visual Studio Code Remote Code Execution Vulnerability

2023-04-02
High

CVE-2023-28681

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

2023-02-14
High

CVE-2023-23381

Visual Studio Remote Code Execution Vulnerability

High

CVE-2023-21815

Visual Studio Remote Code Execution Vulnerability

High

CVE-2023-21808

.NET and Visual Studio Remote Code Execution Vulnerability

Medium

CVE-2023-21567

Visual Studio Denial of Service Vulnerability

High

CVE-2023-21566

Visual Studio Elevation of Privilege Vulnerability

2023-01-10
High

CVE-2023-21779

Visual Studio Code Remote Code Execution Vulnerability

2022-11-30
Medium

CVE-2022-24441

The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such a…

2022-11-09
High

CVE-2022-41119

Visual Studio Remote Code Execution Vulnerability

2022-10-11
High

CVE-2022-41083

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-41042

Visual Studio Code Information Disclosure Vulnerability

High

CVE-2022-41034

Visual Studio Code Remote Code Execution Vulnerability

2022-10-03
High

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the V…

2022-09-13
High

CVE-2022-38020

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-38013

.NET Core and Visual Studio Denial of Service Vulnerability

2022-08-09
High

CVE-2022-35827

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35826

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35825

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-35777

Visual Studio Remote Code Execution Vulnerability

2022-06-15
Medium

CVE-2022-30184

.NET and Visual Studio Information Disclosure Vulnerability

2022-05-10
High

CVE-2022-30129

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2022-29148

Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-29145

.NET and Visual Studio Denial of Service Vulnerability

High

CVE-2022-29117

.NET and Visual Studio Denial of Service Vulnerability

High

CVE-2022-23267

.NET and Visual Studio Denial of Service Vulnerability

2022-04-15
High

CVE-2022-26921

Visual Studio Code Elevation of Privilege Vulnerability

High

CVE-2022-24513

Visual Studio Elevation of Privilege Vulnerability

2022-04-12
Medium

CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk.…

2022-03-09
Medium

CVE-2022-24526

Visual Studio Code Spoofing Vulnerability

Medium

CVE-2022-24512

.NET and Visual Studio Remote Code Execution Vulnerability

High

CVE-2022-24464

.NET and Visual Studio Denial of Service Vulnerability

2022-02-09
High

CVE-2022-21991

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

2021-12-15
Medium

CVE-2021-43908

Visual Studio Code Spoofing Vulnerability

Critical

CVE-2021-43907

Visual Studio Code WSL Extension Remote Code Execution Vulnerability

High

CVE-2021-43891

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-43877

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

2021-11-10
High

CVE-2021-42322

Visual Studio Code Elevation of Privilege Vulnerability

Medium

CVE-2021-42319

Visual Studio Elevation of Privilege Vulnerability

2021-10-13
Medium

CVE-2021-41355

.NET Core and Visual Studio Information Disclosure Vulnerability

2021-09-15
High

CVE-2021-36952

Visual Studio Remote Code Execution Vulnerability

Medium

CVE-2021-26437

Visual Studio Code Spoofing Vulnerability

High

CVE-2021-26434

Visual Studio Elevation of Privilege Vulnerability

2021-08-12
Medium

CVE-2021-34532

ASP.NET Core and Visual Studio Information Disclosure Vulnerability

Medium

CVE-2021-34485

.NET Core and Visual Studio Information Disclosure Vulnerability

High

CVE-2021-26423

.NET Core and Visual Studio Denial of Service Vulnerability

2021-07-30
Critical

CVE-2021-30124

The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace fo…

2021-07-14
High

CVE-2021-34529

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-34528

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-34479

Microsoft Visual Studio Spoofing Vulnerability

High

CVE-2021-34477

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

2021-05-11
High

CVE-2021-31214

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-31213

Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability

High

CVE-2021-31211

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-31204

.NET and Visual Studio Elevation of Privilege Vulnerability

High

CVE-2021-27068

Visual Studio Remote Code Execution Vulnerability

Critical

CVE-2021-29508

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information ab…

2021-04-29
High

CVE-2021-29468

Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file…

2021-04-25
Critical

CVE-2021-30502

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replComman…

2021-04-16
Critical

CVE-2021-31414

The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.

2021-04-13
High

CVE-2021-28477

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28475

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28473

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28472

Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability

High

CVE-2021-28471

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28470

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

High

CVE-2021-28469

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28457

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-28448

Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability

High

CVE-2021-27064

Visual Studio Installer Elevation of Privilege Vulnerability

Critical

CVE-2021-30503

The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration.

2021-04-05
High

CVE-2021-29261

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.

2021-04-01
High

CVE-2021-21420

vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings…

2021-03-31
High

CVE-2021-29658

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.

2021-03-24
Critical

CVE-2021-28967

The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings.

2021-03-22
High

CVE-2021-28956

The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace. NOTE: This vulnera…

2021-03-21
High

CVE-2021-28953

The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.

2021-03-18
Critical

CVE-2021-28794

The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.

High

CVE-2021-28792

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sour…

High

CVE-2021-28791

The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path config…

High

CVE-2021-28790

The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configurat…

High

CVE-2021-28789

The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-form…

2021-03-11
High

CVE-2021-27084

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

High

CVE-2021-27083

Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-27082

Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2021-27081

Visual Studio Code ESLint Extension Remote Code Execution Vulnerability

High

CVE-2021-27060

Visual Studio Code Remote Code Execution Vulnerability

2021-02-25
High

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability

Medium

CVE-2021-1721

.NET Core and Visual Studio Denial of Service Vulnerability

High

CVE-2021-1639

Visual Studio Code Remote Code Execution Vulnerability

2021-01-12
High

CVE-2021-1723

ASP.NET Core and Visual Studio Denial of Service Vulnerability

2020-12-10
High

CVE-2020-17159

Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability

High

CVE-2020-17156

Visual Studio Remote Code Execution Vulnerability

High

CVE-2020-17150

Visual Studio Code Remote Code Execution Vulnerability

High

CVE-2020-17148

Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability

2020-11-11
High

CVE-2020-17104

Visual Studio Code JSHint Extension Remote Code Execution Vulnerability

Medium

CVE-2020-17100

Visual Studio Tampering Vulnerability

2020-10-16
High

CVE-2020-17023

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability cou…

High

CVE-2020-16977

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbit…

2020-09-11
High

CVE-2020-16881

A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability cou…

High

CVE-2020-16874

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the…

High

CVE-2020-16856

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the…

2020-08-17
High

CVE-2020-0604

A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run ar…

2020-07-14
High

CVE-2020-1481

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extension Remote Code…

High

CVE-2020-1416

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerabi…

High

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, Shar…

2020-06-09
Medium

CVE-2020-1343

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability…

High

CVE-2020-1203

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fails to properly handle objects in memory, aka 'Diagnostic Hub Stand…

High

CVE-2020-1202

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fails to properly handle objects in memory, aka 'Diagnostic Hub Stand…

2020-05-21
High

CVE-2020-1192

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execut…

High

CVE-2020-1171

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Ex…

2020-04-15
Medium

CVE-2020-0900

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privi…

Medium

CVE-2020-0899

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

2020-03-12
Low

CVE-2020-0884

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.

High

CVE-2020-0810

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerabi…

High

CVE-2020-0789

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerabili…

2020-01-24
High

CVE-2019-1414

An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.