VYPR

Hub

Sign in to watch

by Jetbrains

CVEs (13)

CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2026-32229Med0.446.80.00Mar 11, 2026In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVE-2026-258480.000.00Feb 9, 2026In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
CVE-2025-646830.000.00Nov 10, 2025In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API
CVE-2025-646820.000.00Nov 10, 2025In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit
CVE-2025-646810.000.00Nov 10, 2025In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations
CVE-2025-244560.000.00Jan 21, 2025In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2024-505730.000.00Oct 28, 2024In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services
CVE-2024-385070.000.00Jun 18, 2024In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2022-484770.000.00Apr 24, 2023In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2022-484290.000.00Mar 27, 2023In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2022-454710.000.00Nov 18, 2022In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
CVE-2022-348940.000.00Jul 1, 2022In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services
CVE-2022-298110.000.00Apr 28, 2022In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.