← Back

Jetbrains

jetbrains

564 CVEs • 38 products

Products (38)

Click to collapse
Toggle
Teamcity
teamcity
269 CVEs
Youtrack
youtrack
108 CVEs
Intellij Idea
intellij_idea
62 CVEs
Hub
hub
33 CVEs
Ktor
ktor
21 CVEs
Toolbox
toolbox
11 CVEs
Pycharm
pycharm
9 CVEs
Rider
rider
8 CVEs
Kotlin
kotlin
6 CVEs
Youtrack Mobile
youtrack_mobile
6 CVEs
Upsource
upsource
5 CVEs
Webstorm
webstorm
5 CVEs
Resharper
resharper
4 CVEs
Goland
goland
4 CVEs
Phpstorm
phpstorm
4 CVEs
Rubymine
rubymine
4 CVEs
Space
space
3 CVEs
Code With Me
code_with_me
3 CVEs
Junie
junie
3 CVEs
Mps
mps
2 CVEs
Clion
clion
2 CVEs
Dottrace
dottrace
2 CVEs
Dotpeek
dotpeek
1 CVE
Resharper Ultimate
resharper_ultimate
1 CVE
Youtrack Integration
youtrack_integration
1 CVE
Vim
vim
1 CVE
Idetalk
idetalk
1 CVE
Scala
scala
1 CVE
Ideavim
ideavim
1 CVE
Jetbrains Gateway
jetbrains_gateway
1 CVE
Aqua
aqua
1 CVE
Datagrip
datagrip
1 CVE
Dataspell
dataspell
1 CVE
Rustrover
rustrover
1 CVE
Etw Host Service
etw_host_service
1 CVE
Runtime
runtime
1 CVE
Ide Services
ide_services
1 CVE
Datalore
datalore
1 CVE

CVEs (564)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-68163
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
CVE-2025-68162
1Jetbrains
1Teamcity
Dec 18, 2025
Dec 16, 2025
N/A· v4
2.7 LOW· v3
N/A· v2
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVE-2025-67742
1Jetbrains
1Teamcity
Dec 15, 2025
Dec 11, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVE-2025-67741
1Jetbrains
1Teamcity
Dec 15, 2025
Dec 11, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVE-2025-67740
1Jetbrains
1Teamcity
Dec 15, 2025
Dec 11, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVE-2025-67739
1Jetbrains
1Teamcity
Dec 23, 2025
Dec 11, 2025
N/A· v4
3.1 LOW· v3
N/A· v2
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
CVE-2025-64773
1Jetbrains
1Youtrack
Dec 11, 2025
Nov 11, 2025
N/A· v4
3.7 LOW· v3
N/A· v2
In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-64685
1Jetbrains
1Youtrack
Nov 21, 2025
Nov 10, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
CVE-2025-64684
1Jetbrains
1Youtrack
Nov 21, 2025
Nov 10, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form
CVE-2025-64683
1Jetbrains
1Hub
Nov 21, 2025
Nov 10, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-64682
1Jetbrains
1Hub
Nov 20, 2025
Nov 10, 2025
N/A· v4
3.7 LOW· v3
N/A· v2
In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2025-64681
1Jetbrains
1Hub
Nov 20, 2025
Nov 10, 2025
N/A· v4
3.7 LOW· v3
N/A· v2
In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVE-2025-64457
1Jetbrains
3Dottrace
ResharperRider
Jan 12, 2026
Nov 10, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition
CVE-2025-64456
1Jetbrains
1Resharper
Nov 20, 2025
Nov 10, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation
CVE-2025-59458
1Jetbrains
1Junie
Jan 20, 2026
Sep 17, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command...Show more
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validationShow less
CVE-2025-59457
1Jetbrains
1Teamcity
Sep 22, 2025
Sep 17, 2025
N/A· v4
7.7 HIGH· v3
N/A· v2
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVE-2025-59456
1Jetbrains
1Teamcity
Sep 22, 2025
Sep 17, 2025
N/A· v4
5.5 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
CVE-2025-59455
1Jetbrains
1Teamcity
Sep 22, 2025
Sep 17, 2025
N/A· v4
4.2 MEDIUM· v3
N/A· v2
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
CVE-2025-58335
1Jetbrains
1Junie
Jan 20, 2026
Aug 28, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_proj...Show more
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project functionShow less
CVE-2025-58334
1Jetbrains
1Ide Services
Oct 14, 2025
Aug 28, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves