Microsoft SQL Server Database Server
Recent Microsoft SQL Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-20803 | CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability | January 13, 2026 |
| CVE-2025-59499 | CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability | November 11, 2025 |
| CVE-2025-59250 | CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability | October 14, 2025 |
| CVE-2025-55227 | CVE-2025-55227 Microsoft SQL Server Elevation of Privilege Vulnerability | September 9, 2025 |
| CVE-2025-47997 | CVE-2025-47997 Microsoft SQL Server Information Disclosure Vulnerability | September 9, 2025 |
| CVE-2025-47954 | CVE-2025-47954 Microsoft SQL Server Elevation of Privilege Vulnerability | August 12, 2025 |
| CVE-2025-49759 | CVE-2025-49759 Microsoft SQL Server Elevation of Privilege Vulnerability | August 12, 2025 |
| CVE-2025-24999 | CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability | August 12, 2025 |
| CVE-2025-53727 | CVE-2025-53727 Microsoft SQL Server Elevation of Privilege Vulnerability | August 12, 2025 |
| CVE-2025-49758 | CVE-2025-49758 Microsoft SQL Server Elevation of Privilege Vulnerability | August 12, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft SQL Server. Last year, in 2025, SQL Server had 7 security vulnerabilities published. Right now, SQL Server is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 8.39 |
| 2024 | 50 | 8.71 |
| 2023 | 18 | 7.81 |
| 2022 | 2 | 8.15 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 9.80 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 9.80 |
It may take a day or so for new SQL Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft SQL Server Security Vulnerabilities
Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-53727
8.8 - High
- August 12, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
SQL Injection
Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-49759
8.8 - High
- August 12, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
SQL Injection
Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-47954
8.8 - High
- August 12, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
SQL Injection
Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-24999
8.8 - High
- August 12, 2025
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Authorization
Microsoft SQL Server Heap OOB Buffer Overflow Enables Network Code Exec
CVE-2025-49717
8.5 - High
- July 08, 2025
Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
SQL Server Improper Input Validation Enables Network Data Disclosure
CVE-2025-49719
7.5 - High
- July 08, 2025
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
Improper Input Validation
SQL Server Uninitialized Resource Disclosure via Network
CVE-2025-49718
7.5 - High
- July 08, 2025
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49021
7.8 - High
- November 12, 2024
Microsoft SQL Server Remote Code Execution Vulnerability
Dangling pointer
MS SQL Server Native Client RCE via Remote Exploit
CVE-2024-48999
8.8 - High
- November 12, 2024
SQL Server Native Client Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SQL Server XEvent Configuration Remote Code Execution Vulnerability
CVE-2024-49043
7.8 - High
- November 12, 2024
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
Untrusted Path
Microsoft SQL Server EOP Vulnerability CVE-2024-37980
CVE-2024-37980
9.8 - Critical
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
Microsoft SQL Server EoP Vulnerability
CVE-2024-37965
8.8 - High
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper Input Validation
Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2024-37341
CVE-2024-37341
9.8 - Critical
- September 10, 2024
Microsoft SQL Server Elevation of Privilege Vulnerability
Authorization
SQL Server Native Scoring Info Disclosure Vulnerability
CVE-2024-37337
4.3 - Medium
- September 10, 2024
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
Numeric Truncation Error
MS SQL Server Native RCE via Scoring Component
CVE-2024-37335
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Microsoft SQL Server Native Scoring RCE Vulnerability (CVE-2024-26186)
CVE-2024-26186
8.8 - High
- September 10, 2024
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21373
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21332
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21333
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21308
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37318
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35271
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35256
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-28928
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Stack Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21449
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21425
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21331
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21317
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37319
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21303
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-20701
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38088
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Double-free
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21428
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21415
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21414
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37321
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37330
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37331
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37332
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37333
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-37334
8.8 - High
- July 09, 2024
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37336
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Integer Overflow or Wraparound
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37320
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Dangling pointer
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37329
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37328
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37327
8.8 - High
- July 09, 2024
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
Heap-based Buffer Overflow
