Visual Studio 2019
Vulnerabilities
118
Known exploited
1
Max CVSS
8.8
Top EPSS
0.94243
Severity breakdown
Critical
0
High
90
Medium
27
Low
1
Affected version ranges
15.0–15.9.6315.0–15.9.6715.9–16.916.0.0–16.11.4116.0.0–16.9.2616.0–16.0.1116.0–16.0.1616.0–16.1016.0–16.1116.0–16.11.2416.0–16.11.2616.0–16.11.2916.0–16.11.3016.0–16.11.3216.0–16.11.3316.0–16.11.3516.0–16.11.3716.0–16.11.4316.0–16.11.4416.0–16.11.4516.0–16.11.4716.0–16.11.4916.0–16.11.5216.0–16.3
Also matched as (raw): visual_studio_2019,.net,windows_10,windows_server_2016,visual_studio,odbc_driver_for_sql_server,sql_server_2019,visual_studio_2017,visual_studio_2022,.net_core,windows_server_2019,sql_server_2022
Top vulnerabilities
CVE-2025-49739Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21178Visual Studio Remote Code Execution Vulnerability
CVE-2024-28938Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28937Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28936Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28935Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28934Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28933Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28932Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28931Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28930Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28929Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2022-35827Visual Studio Remote Code Execution Vulnerability
CVE-2022-35826Visual Studio Remote Code Execution Vulnerability
CVE-2022-35825Visual Studio Remote Code Execution Vulnerability
CVE-2022-35777Visual Studio Remote Code Execution Vulnerability
CVE-2021-27068Visual Studio Remote Code Execution Vulnerability
CVE-2020-1416An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
CVE-2020-1147A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2019-1354A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
CVE-2019-1350A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387.
CVE-2021-26701.NET Core Remote Code Execution Vulnerability
CVE-2021-24112.NET Core Remote Code Execution Vulnerability
CVE-2025-32702Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2024-43590Visual C++ Redistributable Installer Elevation of Privilege Vulnerability