This page lists publicly disclosed CVE vulnerabilities affecting microsoft azure_devops_server (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-21512 | Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. | [email protected] | 6.5 | 0.10% | 2026-02-10 | 2026-02-11 |
| CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 7.6 | 0.36% | 2024-07-09 | 2024-11-21 |
| CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 7.6 | 0.36% | 2024-07-09 | 2024-11-21 |
| CVE-2024-20667 | Azure DevOps Server Remote Code Execution Vulnerability | [email protected] | 7.5 | 0.31% | 2024-02-13 | 2024-11-21 |
| CVE-2023-21751 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 6.5 | 0.25% | 2023-12-14 | 2024-11-21 |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | [email protected] | 7.3 | 0.27% | 2023-10-10 | 2024-11-21 |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | [email protected] | 7.0 | 0.36% | 2023-09-12 | 2024-11-21 |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | [email protected] | 8.8 | 0.66% | 2023-09-12 | 2024-11-21 |
| CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 6.3 | 0.18% | 2023-08-08 | 2024-11-21 |
| CVE-2023-21569 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 5.5 | 0.28% | 2023-06-14 | 2024-11-21 |
| CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 7.1 | 1.83% | 2023-06-14 | 2024-11-21 |
| CVE-2023-21553 | Azure DevOps Server Remote Code Execution Vulnerability | [email protected] | 7.5 | 1.47% | 2023-02-14 | 2024-11-21 |
| CVE-2023-21564 | Azure DevOps Server Cross-Site Scripting Vulnerability | [email protected] | 7.1 | 6.37% | 2023-02-14 | 2024-11-21 |
| CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 6.1 | 1.04% | 2021-04-13 | 2024-11-21 |
| CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | [email protected] | 6.5 | 15.86% | 2021-04-13 | 2024-11-21 |
| CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | [email protected] | 5.4 | 0.55% | 2020-12-10 | 2025-08-28 |
| CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | [email protected] | 6.4 | 0.52% | 2020-12-10 | 2025-08-28 |
| CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | [email protected] | 5.4 | 1.56% | 2020-11-11 | 2024-11-21 |
| CVE-2020-1326 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | [email protected] | 5.4 | 0.53% | 2020-07-14 | 2024-11-21 |
| CVE-2020-1327 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. | [email protected] | 6.1 | 0.61% | 2020-06-09 | 2024-11-21 |