Security

.github/SECURITY.md

Security Vulnerabilities

Security issues are treated very seriously and will, by default, takes precedence over other considerations including usability, performance, etc... Best effort will be used to mitigate side effects of a security change, but PowerShell must be secure by default.

Reporting a security vulnerability

If you believe that there is a security vulnerability in PowerShell, it must be reported using https://aka.ms/secure-at to allow for Coordinated Vulnerability Disclosure. Only file an issue, if MSRC has confirmed filing an issue is appropriate.

Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability
GHSA-jcmq-5rrv-j2g4 published May 14, 2020 by TravisEz13

High
Microsoft Security Advisory CVE-2019-1301: Denial of Service Vulnerability in .NET Core
GHSA-62gw-3rmj-wmp2 published Sep 12, 2019 by TravisEz13

High
Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability
GHSA-5frh-8cmj-gc59 published Jul 16, 2019 by TravisEz13

High

Learn more about advisories related to PowerShell/PowerShell in the GitHub Advisory Database