Microsoft SQL Server - Database Server


Recent Microsoft SQL Server Security Advisories

| Advisory | Title | Published |
| --- | --- | --- |
| CVE-2026-20803 | Microsoft SQL Server Elevation of Privilege Vulnerability | January 13, 2026 |
| CVE-2025-50085 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-50084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged att | January 1, 2026 |
| CVE-2025-50098 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-50099 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-50093 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-50092 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-21490 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged at | January 1, 2026 |
| CVE-2025-50081 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |
| CVE-2025-50080 | Vulnerability in the MySQL Server product of Oracle MySQL | January 1, 2026 |

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft SQL Server. Last year, in 2025, SQL Server had 7 security vulnerabilities published. Right now, SQL Server is on track to have fewer security vulnerabilities in 2026 than it did last year.




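| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2026 | 0 | 0.00 |
| 2025 | 7 | 8.39 |
| 2024 | 50 | 8.71 |
| 2023 | 18 | 7.81 |
| 2022 | 2 | 8.15 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 9.80 |
| 2019 | 3 | 6.50 |
| 2018 | 4 | 0.00 |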

It may take a day or so for new SQL Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft SQL Server Security Vulnerabilities

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-24999 8.8 - High - August 12, 2025

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Authorization

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-47954 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-49759 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-53727 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Jul 2025: Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49719 7.5 - High - July 08, 2025

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Improper Input Validation

Jul 2025: Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49718 7.5 - High - July 08, 2025

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2025: Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2025-49717 8.5 - High - July 08, 2025

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49021 7.8 - High - November 12, 2024

Microsoft SQL Server Remote Code Execution Vulnerability

Dangling pointer

Microsoft SQL Server XEvent Configuration Remote Code Execution Vulnerability
CVE-2024-49043 7.8 - High - November 12, 2024

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Untrusted Path

MS SQL Server Native Client RCE via Remote Exploit
CVE-2024-48999 8.8 - High - November 12, 2024

SQL Server Native Client Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SQL Server EOP Vulnerability CVE-2024-37980
CVE-2024-37980 9.8 - Critical - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Microsoft SQL Server Native Scoring RCE Vulnerability (CVE-2024-26186)
CVE-2024-26186 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Dangling pointer

MS SQL Server Native RCE via Scoring Component
CVE-2024-37335 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based Buffer Overflow

SQL Server Native Scoring Info Disclosure Vulnerability
CVE-2024-37337 4.3 - Medium - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Numeric Truncation Error

Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2024-37341
CVE-2024-37341 9.8 - Critical - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Authorization

Microsoft SQL Server EoP Vulnerability
CVE-2024-37965 8.8 - High - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper Input Validation

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21414 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21332 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21333 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21373 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21425 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37322 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37321 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37320 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37319 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37318 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35271 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35256 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-28928 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Stack Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21449 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37323 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21331 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21317 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21308 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21303 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-20701 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38088 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Double-free

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21428 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21415 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37326 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37334 8.8 - High - July 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37336 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37324 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37333 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37332 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37331 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow
