JetBrains

All CVEs

564 total · sorted by risk
  • CVE-2024-50580 · Oct 28, 2024
    risk 0.02 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 multiple XSS were possible due to insecure markdown parsing and custom rendering rule

  • CVE-2024-50578 · Oct 28, 2024
    risk 0.02 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via sprint value on agile boards page

  • CVE-2024-50576 · Oct 28, 2024
    risk 0.02 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest

  • CVE-2024-36372 · May 29, 2024
    risk 0.02 · cvss · epss 0.00

    In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

  • CVE-2024-36367 · May 29, 2024
    risk 0.02 · cvss · epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

  • CVE-2025-26493 · Feb 11, 2025
    risk 0.01 · cvss · epss 0.00

    In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

  • CVE-2024-50579 · Oct 28, 2024
    risk 0.01 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 reflected XSS due to insecure link sanitization was possible

  • CVE-2024-50577 · Oct 28, 2024
    risk 0.01 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings

  • CVE-2024-50575 · Oct 28, 2024
    risk 0.01 · cvss · epss 0.00

    In JetBrains YouTrack before 2024.3.47707 reflected XSS was possible in Widget API

  • CVE-2024-37051 · Jun 10, 2024
    risk 0.01 · cvss · epss 0.04

    GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3,…

  • CVE-2026-50242 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was possible

  • CVE-2026-56142 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible

  • CVE-2026-56141 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

  • CVE-2026-53915 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration

  • CVE-2026-28196 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

  • CVE-2026-28195 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

  • CVE-2026-28194 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow

  • CVE-2026-28193 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

  • CVE-2026-25848 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

  • CVE-2026-25847 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.00

    In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible

  • CVE-2026-25846 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.01

    In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

  • CVE-2025-68269 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH

  • CVE-2025-68268 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page

  • CVE-2025-68267 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token

  • CVE-2025-68166 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab

  • CVE-2025-68165 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.03

    In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup

  • CVE-2025-68164 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test

  • CVE-2025-68163 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page

  • CVE-2025-68162 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration

  • CVE-2025-67742 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

  • CVE-2025-67741 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

  • CVE-2025-67740 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

  • CVE-2025-67739 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

  • CVE-2025-64773 · Nov 11, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit

  • CVE-2025-64457 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition

  • CVE-2025-64456 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation

  • CVE-2025-64685 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

  • CVE-2025-64684 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form

  • CVE-2025-64683 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API

  • CVE-2025-64682 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit

  • CVE-2025-64681 · Nov 10, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations

  • CVE-2025-59458 · Sep 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation

  • CVE-2025-59457 · Sep 17, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows

  • CVE-2025-59456 · Sep 17, 2025
    risk 0.00 · cvss · epss 0.12

    In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload

  • CVE-2025-59455 · Sep 17, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition

  • CVE-2025-58335 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function

  • CVE-2025-58334 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

  • CVE-2025-57734 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.01

    In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files

  • CVE-2025-57733 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content

  • CVE-2025-57732 · Aug 20, 2025
    risk 0.00 · cvss · epss 0.00

    In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
