PyCharm
by JetBrains
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-30005 | | High | 0.51 | 7.8 | 0.01 | | May 11, 2021 | In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. |
| CVE-2020-11694 | | High | 0.49 | 7.5 | 0.02 | | Apr 10, 2020 | In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. |
| CVE-2019-14958 | | High | 0.49 | 7.5 | 0.02 | | Oct 2, 2019 | JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. In a very specific situation, it could lead to a remote invocation of an OOM error message because of Uncontrolled Memory Allocation. |
| CVE-2026-49384 | | Med | 0.40 | 6.1 | 0.00 | | May 29, 2026 | In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible |
| CVE-2022-29820 | | Low | 0.20 | 3.0 | 0.00 | | Apr 28, 2022 | In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible |
| CVE-2024-37051 | | | 0.01 | — | 0.04 | | Jun 10, 2024 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3,… |
| CVE-2026-25847 | | | 0.00 | — | 0.00 | | Feb 9, 2026 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible |