Microsoft Visual Studio Developer IDE
Recent Microsoft Visual Studio Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2023-21566 | Visual Studio Elevation of Privilege Vulnerability | February 14, 2023 |
CVE-2023-21815 | Visual Studio Remote Code Execution Vulnerability | February 14, 2023 |
CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | February 14, 2023 |
CVE-2023-21567 | Visual Studio Denial of Service Vulnerability | February 14, 2023 |
CVE-2023-23381 | Visual Studio Remote Code Execution Vulnerability | February 14, 2023 |
CVE-2023-21779 | Visual Studio Code Remote Code Execution | January 10, 2023 |
CVE-2022-41119 | Visual Studio Remote Code Execution Vulnerability | November 8, 2022 |
CVE-2022-41042 | Visual Studio Code Information Disclosure Vulnerability | October 11, 2022 |
CVE-2022-41034 | Visual Studio Code Remote Code Execution Vulnerability | October 11, 2022 |
CVE-2022-41083 | Visual Studio Code Elevation of Privilege Vulnerability | October 11, 2022 |
@VisualStudio Tweets

Sun Mar 19 16:00:01 +0000 2023

Sat Mar 18 16:00:01 +0000 2023

Fri Mar 17 17:30:01 +0000 2023

Fri Mar 17 16:00:02 +0000 2023

Thu Mar 16 19:00:02 +0000 2023
By the Year
In 2023 there have been 0 vulnerabilities in Microsoft Visual Studio . Last year Visual Studio had 4 security vulnerabilities published. Right now, Visual Studio is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 4 | 8.80 |
2021 | 6 | 7.80 |
2020 | 10 | 7.80 |
2019 | 4 | 6.90 |
2018 | 3 | 6.63 |
It may take a day or so for new Visual Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio Security Vulnerabilities
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35825
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35826, CVE-2022-35827.
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35826
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35827.
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35827
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35777, CVE-2022-35825, CVE-2022-35826.
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35777
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35825, CVE-2022-35826, CVE-2022-35827.
Code Injection
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42277
7.8 - High
- November 10, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Improper Privilege Management
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.
Improper Privilege Management
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28322
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.
Improper Privilege Management
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28321
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.
insecure temporary file
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1680
7.8 - High
- January 12, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.
Improper Privilege Management
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1651
7.8 - High
- January 12, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations
CVE-2020-1130
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations
CVE-2020-1133
7.8 - High
- September 11, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.
Improper Privilege Management
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory
CVE-2020-16874
7.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.
Code Injection
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory
CVE-2020-16856
7.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input
CVE-2020-1393
7.8 - High
- July 14, 2020
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1293
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1278
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1257
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory
CVE-2020-1203
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory
CVE-2020-1202
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations
CVE-2019-1232
7.8 - High
- September 11, 2019
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files
CVE-2019-1079
6.5 - Medium
- July 15, 2019
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.
Improper Input Validation
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector
CVE-2019-0727
7.8 - High
- May 16, 2019
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file
CVE-2019-0537
5.5 - Medium
- January 08, 2019
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations
CVE-2018-8599
7.8 - High
- December 12, 2018
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
Improper Check for Dropped Privileges
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project
CVE-2018-8172
7.8 - High
- July 11, 2018
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files
CVE-2018-1037
4.3 - Medium
- April 12, 2018
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
Use of Uninitialized Resource
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet
CVE-2000-0162
- February 18, 2000
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Internet Explorer (IE) or by Microsoft? Click the Watch button to subscribe.
