threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft visual studio 2022
Product
microsoft visual studio 2022
120 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-32203
>= 17.12.0 and < 17.12.19
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
7.5
HIGH
CVE-2026-32178
>= 17.12.0 and < 17.12.19
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
7.5
HIGH
CVE-2026-21257
>= 17.14.0 and < 17.14.26
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an
8.0
HIGH
CVE-2026-21256
>= 17.14.0 and < 17.14.26
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an
8.8
HIGH
CVE-2025-62214
>= 17.14.0 and < 17.14.17
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker
6.7
MEDIUM
CVE-2025-55315
>= 17.10.0 and < 17.10.20
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to
9.9
CRITICAL
CVE-2025-55248
>= 17.10.0 and < 17.10.20
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a
4.8
MEDIUM
CVE-2025-55240
>= 17.10.0 and < 17.10.20
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-53773
>= 17.14.0 and < 17.14.12
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an
7.8
HIGH
CVE-2025-49739
>= 17.8.0 and < 17.8.23
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privile
8.8
HIGH
CVE-2025-47959
>= 17.8.0 and < 17.8.22
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker
7.1
HIGH
CVE-2025-30399
>= 17.8.0 and < 17.8.22
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
7.5
HIGH
CVE-2025-26646
>= 17.8.0 and < 17.8.21
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to p
8.0
HIGH
CVE-2025-32703
>= 17.8.0 and < 17.8.21
Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
5.5
MEDIUM
CVE-2025-32702
>= 17.8.0 and < 17.8.21
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attack
7.8
HIGH
CVE-2025-29804
>= 17.8.0 and < 17.8.20
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-29802
>= 17.8.0 and < 17.8.20
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-26682
>= 17.8.0 and < 17.8.20
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a networ
7.5
HIGH
CVE-2025-25003
>= 17.8.0 and < 17.8.19
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-24998
>= 17.8.0 and < 17.8.19
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
7.3
HIGH
CVE-2025-24070
>= 17.8.0 and < 17.8.19
Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.
7.0
HIGH
CVE-2025-21206
>= 17.8 and < 17.8.18
Visual Studio Installer Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2025-21405
>= 17.12.0 and < 17.12.4
Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2025-21178
>= 17.6.0 and < 17.6.22
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21173
>= 17.6.0 and < 17.6.22
.NET Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2025-21172
>= 17.6.0 and < 17.6.22
.NET and Visual Studio Remote Code Execution Vulnerability
7.5
HIGH
CVE-2025-21171
>= 17.6.0 and < 17.6.22
.NET Remote Code Execution Vulnerability
7.5
HIGH
CVE-2024-49044
>= 17.6.0 and < 17.6.21
Visual Studio Elevation of Privilege Vulnerability
6.7
MEDIUM
CVE-2024-43499
>= 17.6 and < 17.6.21
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43498
>= 17.6 and < 17.6.21
.NET and Visual Studio Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2024-43603
>= 17.6.0 and < 17.6.20
Visual Studio Collector Service Denial of Service Vulnerability
5.5
MEDIUM
CVE-2024-43590
>= 17.6.0 and < 17.6.20
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-43485
>= 17.6.0 and < 17.6.20
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43484
>= 17.6 and < 17.6.20
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43483
>= 17.6 and < 17.6.20
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38229
>= 17.6.0 and < 17.6.20
.NET and Visual Studio Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-38168
>= 17.6.0 and < 17.6.18
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38167
>= 17.6.0 and < 17.6.18
.NET and Visual Studio Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2024-38095
>= 17.4.0 and < 17.4.21
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38081
>= 17.4 and < 17.4.21
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2024-35264
>= 17.4.0 and < 17.4.21
.NET and Visual Studio Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-30105
>= 17.4.0 and < 17.4.21
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-30052
>= 17.4 and < 17.4.20
Visual Studio Remote Code Execution Vulnerability
4.7
MEDIUM
CVE-2024-29060
>= 17.4 and < 17.4.20
Visual Studio Elevation of Privilege Vulnerability
6.7
MEDIUM
CVE-2024-30046
>= 17.4.0 and < 17.4.19
Visual Studio Denial of Service Vulnerability
5.9
MEDIUM
CVE-2024-30045
>= 17.4.0 and < 17.4.19
.NET and Visual Studio Remote Code Execution Vulnerability
6.3
MEDIUM
CVE-2024-28938
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28937
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28936
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28935
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28934
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28933
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28932
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28931
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28930
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-28929
>= 17.4.0 and < 17.4.18
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
8.8
HIGH
CVE-2024-21409
>= 17.4.0 and < 17.4.18
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2024-26190
>= 17.4.0 and < 17.4.17
Microsoft QUIC Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21392
>= 17.4 and < 17.4.17
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21404
>= 17.4.0 and < 17.4.16
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21386
>= 17.4.0 and < 17.4.16
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21319
>= 17.2.0 and < 17.2.23
Microsoft Identity Denial of service vulnerability
6.8
MEDIUM
CVE-2024-20656
>= 17.2 and < 17.2.23
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2024-0057
>= 17.2 and < 17.2.23
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
9.1
CRITICAL
CVE-2024-0056
>= 17.2 and < 17.2.23
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
8.7
HIGH
CVE-2023-36558
>= 17.2 and < 17.2.22
ASP.NET Core Security Feature Bypass Vulnerability
6.2
MEDIUM
CVE-2023-36038
>= 17.2 and < 17.2.22
ASP.NET Core Denial of Service Vulnerability
8.2
HIGH
CVE-2023-36049
>= 17.2 and < 17.2.22
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
7.6
HIGH
CVE-2023-36042
>= 17.2 and < 17.2.22
Visual Studio Denial of Service Vulnerability
6.2
MEDIUM
CVE-2023-38171
>= 17.2.0 and < 17.2.20
Microsoft QUIC Denial of Service Vulnerability
7.5
HIGH
CVE-2023-44487
>= 17.0 and < 17.2.20
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2023-36799
>= 17.2 and < 17.2.19
.NET Core and Visual Studio Denial of Service Vulnerability
6.5
MEDIUM
CVE-2023-36796
>= 17.2 and < 17.2.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36794
>= 17.2 and < 17.2.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36793
>= 17.2 and < 17.2.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36792
>= 17.2 and < 17.2.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36759
>= 17.2.0 and < 17.2.19
Visual Studio Elevation of Privilege Vulnerability
6.7
MEDIUM
CVE-2023-36758
>= 17.7 and <= 17.7.4
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2023-38180
>= 17.2.0 and < 17.2.18
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2023-35391
>= 17.2.0 and < 17.2.18
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
6.2
MEDIUM
CVE-2023-38178
>= 17.2.0 and < 17.2.18
.NET Core and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2023-36897
>= 17.6.0 and < 17.6.6
Visual Studio Tools for Office Runtime Spoofing Vulnerability
8.1
HIGH
CVE-2023-35390
>= 17.2.0 and < 17.2.18
.NET and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-33170
>= 17.0 and < 17.0.23
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
8.1
HIGH
CVE-2023-33127
>= 17.0 and < 17.0.23
.NET and Visual Studio Elevation of Privilege Vulnerability
8.1
HIGH
CVE-2023-24897
>= 17.0 and < 17.0.22
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-24895
>= 17.0 and < 17.0.22
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-33139
>= 17.0 and < 17.0.22
Visual Studio Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2023-33135
>= 17.0 and < 17.0.22
.NET and Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2023-33128
>= 17.0 and < 17.0.22
.NET and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2023-33126
>= 17.0 and < 17.0.22
.NET and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2023-32032
>= 17.0 and < 17.0.22
.NET and Visual Studio Elevation of Privilege Vulnerability
6.5
MEDIUM
CVE-2023-28299
>= 17.0 and < 17.0.21
Visual Studio Spoofing Vulnerability
5.5
MEDIUM
CVE-2023-28296
>= 17.0 and < 17.0.21
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-28263
>= 17.0 and < 17.0.21
Visual Studio Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2023-28262
>= 17.0 and < 17.0.21
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2023-28260
>= 17.0 and < 17.0.21
.NET DLL Hijacking Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-23381
>= 17.0 and < 17.0.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-21815
>= 17.0 and < 17.0.19
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-21808
all versions
.NET and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-21567
>= 17.0 and < 17.0.19
Visual Studio Denial of Service Vulnerability
5.6
MEDIUM
CVE-2023-21566
>= 17.0 and < 17.0.19
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2022-41119
all versions
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2022-41032
>= 17.0 and < 17.0.15
NuGet Client Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2022-38013
all versions
.NET Core and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-35827
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35826
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35825
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35777
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-30184
>= 17.0 and < 17.0.4
.NET and Visual Studio Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-29145
>= 17.0 and < 17.1.7
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-29117
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-23267
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-24513
all versions
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2022-24767
>= 17.0 and < 17.0.8
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
7.8
HIGH
CVE-2022-24512
>= 17.0 and < 17.0.7
.NET and Visual Studio Remote Code Execution Vulnerability
6.3
MEDIUM
CVE-2022-24464
>= 17.0 and < 17.0.7
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-21986
>= 17.0 and < 17.0.6
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2021-43877
all versions
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
8.8
HIGH
CVE-2020-8927
>= 17.0 and <= 17.0.7
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-sh
5.3
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin