Microsoft Visual Studio 2019 — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Visual Studio 2019, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (118)
CVE-2019-1354 — CVSS 8.8 (high): A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
CVE-2020-1416 — CVSS 8.8 (high): An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual…
CVE-2025-49739 — CVSS 8.8 (high): Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over…
CVE-2019-1352 — CVSS 8.8 (high): A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
CVE-2019-1349 — CVSS 8.8 (high): A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
CVE-2019-1350 — CVSS 8.8 (high): A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
CVE-2019-0727 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows…
CVE-2019-1232 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file…
CVE-2020-0793 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-0810 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows…
CVE-2020-1202 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to…
CVE-2020-1203 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to…
CVE-2020-1257 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-1278 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-1293 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-1393 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize…
CVE-2020-16856 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully…
CVE-2020-16874 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully…
CVE-2025-32702 — CVSS 7.8 (high): Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to…
CVE-2020-1161 — CVSS 7.5 (high): A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service…
CVE-2020-1597 — CVSS 7.5 (high): A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this…
CVE-2019-1351 — CVSS 7.5 (high): A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering…
CVE-2020-1108 — CVSS 7.5 (high): A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework…
CVE-2025-25003 — CVSS 7.3 (high): Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2019-1211 — CVSS 7.3 (high): An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who…
CVE-2020-0789 — CVSS 7.1 (high): A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual…
CVE-2020-1130 — CVSS 6.6 (medium): <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An…
CVE-2019-1425 — CVSS 6.5 (medium): An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka…
CVE-2020-26870 — CVSS 6.1 (medium): Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the…
CVE-2019-1486 — CVSS 6.1 (medium): A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary…
CVE-2020-0899 — CVSS 5.5 (medium): An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka…
CVE-2020-0900 — CVSS 5.5 (medium): An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka…
CVE-2025-32703 — CVSS 5.5 (medium): Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2020-8927 — CVSS 5.3 (medium): A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot"…
CVE-2019-1077 — CVSS 5.0 (medium): An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual…
CVE-2020-0884 — CVSS 3.7 (low): A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual…