← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-49366
1Jetbrains
1Intellij Idea
Jun 1, 2026
May 29, 2026
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-44413
1Jetbrains
1Teamcity
May 12, 2026
May 11, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access
CVE-2026-41882
1Jetbrains
1Intellij Idea
May 5, 2026
Apr 30, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
CVE-2026-41153
1Jetbrains
1Junie
Apr 27, 2026
Apr 17, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file
CVE-2026-33392
1Jetbrains
1Youtrack
Apr 20, 2026
Apr 17, 2026
N/A· v4
7.2 HIGH· v3
N/A· v2
In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass
CVE-2026-32745
1Jetbrains
1Datalore
Apr 2, 2026
Mar 13, 2026
N/A· v4
5.7 MEDIUM· v3
N/A· v2
In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
CVE-2026-32229
1Jetbrains
1Hub
Apr 2, 2026
Mar 11, 2026
N/A· v4
6.8 MEDIUM· v3
N/A· v2
In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVE-2026-28196
1Jetbrains
1Teamcity
Feb 25, 2026
Feb 25, 2026
N/A· v4
2.3 LOW· v3
N/A· v2
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVE-2026-28195
1Jetbrains
1Teamcity
Feb 25, 2026
Feb 25, 2026
N/A· v4
4.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVE-2026-28194
1Jetbrains
1Teamcity
Feb 25, 2026
Feb 25, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVE-2026-28193
1Jetbrains
1Youtrack
Feb 26, 2026
Feb 25, 2026
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
CVE-2026-25848
1Jetbrains
1Hub
Feb 18, 2026
Feb 9, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVE-2026-25847
1Jetbrains
1Pycharm
Feb 18, 2026
Feb 9, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
CVE-2026-25846
1Jetbrains
1Youtrack
Feb 18, 2026
Feb 9, 2026
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs
CVE-2025-68269
1Jetbrains
1Intellij Idea
Dec 23, 2025
Dec 16, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH
CVE-2025-68268
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVE-2025-68267
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVE-2025-68166
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVE-2025-68165
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVE-2025-68164
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
2.7 LOW· v3
N/A· v2
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test