Strange message in Solution Explorer.

ef1000 "possible sql injection vulnerability"

It doesn't prevent compile, no errors, no warnings, no messages in "Errors List".

No similar messages in the output on compile... Click doesn't move focus to "vulnerability" line. No referenced file/line related information.

But there is context menu with "Delete" button which doesn't work (nothing happens). There are no Analyzers related entries in proj file.

Looks like common package references bug. How to fix it?

I went to that location C:\Users\User.nuget .. etc and deleted the package. I closed visual studio and reopened it. The package was restored and the error was gone. I was using a .net framework application in visual studio at the same time and was opening and closing the core solution repeatedly so I'm thinking the package got corrupted somehow.