← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-42921
1Jetbrains
1Toolbox
Apr 23, 2025
Apr 17, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin
CVE-2025-32054
1Jetbrains
1Intellij Idea
Sep 30, 2025
Apr 3, 2025
N/A· v4
3.3 LOW· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
CVE-2025-31141
1Jetbrains
1Teamcity
May 16, 2025
Mar 27, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
CVE-2025-31140
1Jetbrains
1Teamcity
May 16, 2025
Mar 27, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
CVE-2025-31139
1Jetbrains
1Teamcity
May 16, 2025
Mar 27, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
CVE-2025-29932
1Jetbrains
1Goland
Sep 30, 2025
Mar 25, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains GoLand before 2025.1 an XXE during debugging was possible
CVE-2025-29904
1Jetbrains
1Ktor
Oct 2, 2025
Mar 12, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
CVE-2025-29903
1Jetbrains
1Runtime
Jan 13, 2026
Mar 12, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains Runtime before 21.0.6b872.80 arbitrary dynamic library execution due to insecure macOS flags was possible
CVE-2025-26493
1Jetbrains
1Teamcity
May 16, 2025
Feb 11, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
CVE-2025-26492
1Jetbrains
1Teamcity
May 16, 2025
Feb 11, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
CVE-2025-23385
1Jetbrains
4Dottrace
Etw Host ServiceResharper+1 more
Jan 12, 2026
Jan 28, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation v...Show more
In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possibleShow less
CVE-2025-24461
1Jetbrains
1Teamcity
Jan 30, 2025
Jan 21, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
CVE-2025-24460
1Jetbrains
1Teamcity
Jan 30, 2025
Jan 21, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
CVE-2025-24459
1Jetbrains
1Teamcity
Jan 30, 2025
Jan 21, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
CVE-2025-24458
1Jetbrains
1Youtrack
Jan 30, 2025
Jan 21, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration
CVE-2025-24457
1Jetbrains
1Youtrack
Jan 30, 2025
Jan 21, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs
CVE-2025-24456
1Jetbrains
1Hub
Jan 30, 2025
Jan 21, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2024-56356
1Jetbrains
1Teamcity
Jan 2, 2025
Dec 20, 2024
N/A· v4
7.1 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
CVE-2024-56355
1Jetbrains
1Teamcity
Jan 2, 2025
Dec 20, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVE-2024-56354
1Jetbrains
1Teamcity
Jan 2, 2025
Dec 20, 2024
N/A· v4
4.9 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission