JetBrains
Products (38)
- 267 CVEs
- 114 CVEs
- 62 CVEs
- 36 CVEs
- 19 CVEs
- 11 CVEs
- 9 CVEs
- 7 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (564)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27199 | High | 0.73 | 7.3 | 1.00 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |
| CVE-2026-49368 | High | 0.57 | 8.7 | 0.00 | | May 29, 2026 | In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible |
| CVE-2026-44413 | High | 0.53 | 8.2 | 0.00 | | May 11, 2026 | In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access |
| CVE-2026-49367 | High | 0.52 | 8.0 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-49366 | High | 0.51 | 7.8 | 0.00 | | May 29, 2026 | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| CVE-2018-14878 | High | 0.51 | 7.8 | 0.02 | | Aug 13, 2018 | JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. |
| CVE-2026-49374 | High | 0.49 | 7.6 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters |
| CVE-2026-49372 | High | 0.49 | 7.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
| CVE-2017-8316 | High | 0.49 | 7.5 | 0.02 | | Aug 3, 2018 | IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml. |
| CVE-2026-41882 | High | 0.48 | 7.4 | 0.00 | | Apr 30, 2026 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server |
| CVE-2026-33392 | High | 0.47 | 7.2 | 0.00 | | Apr 17, 2026 | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass |
| CVE-2026-49373 | High | 0.46 | 7.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings |
| CVE-2026-49371 | High | 0.46 | 7.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
| CVE-2026-32229 | Medium | 0.44 | 6.8 | 0.00 | | Mar 11, 2026 | In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled |
| CVE-2026-49386 | Medium | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas |
| CVE-2026-49385 | Medium | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts |
| CVE-2026-49379 | Medium | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names |
| CVE-2026-49376 | Medium | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin |
| CVE-2026-32745 | Medium | 0.41 | 6.3 | 0.00 | | Mar 13, 2026 | In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings |
| CVE-2026-49384 | Medium | 0.40 | 6.1 | 0.00 | | May 29, 2026 | In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible |