Jetbrains Security Vulnerabilities (CVEs)

This CVE describes a missing authorization vulnerability in JetBrains TeamCity where project developers can add parameters to build configurations wit...

This vulnerability in JetBrains YouTrack allows applications to send unauthorized requests to the app permissions endpoint, potentially enabling privi...

A DOM-based cross-site scripting (XSS) vulnerability in JetBrains PyCharm's Jupyter viewer page allows attackers to execute arbitrary JavaScript in th...

JetBrains YouTrack versions before 2025.3.119033 expose access tokens in Mailbox logs, potentially allowing attackers to steal authentication credenti...

This vulnerability in JetBrains TeamCity allows attackers to enumerate open ports on the server when testing Perforce connections. It affects organiza...

JetBrains TeamCity versions before 2025.11 contain a reflected cross-site scripting (XSS) vulnerability in the VCS Root setup interface. This allows a...

This DOM-based cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the OAuth connections ...

JetBrains TeamCity versions before 2025.11.1 stored GitHub personal access tokens instead of installation tokens, granting excessive privileges. This ...

This vulnerability allows attackers to inject malicious scripts into the JetBrains TeamCity storage settings page, which are then executed in victims'...

This vulnerability in JetBrains IntelliJ IDEA allows attackers to trick users into opening untrusted remote projects over SSH without proper confirmat...

This vulnerability in JetBrains TeamCity allows attackers to load malicious extensions via Maven embedder through project configuration. It affects Te...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the agentpushInstall page...

This vulnerability in JetBrains TeamCity allows attackers to disclose local file paths through improper repository URL validation. It affects TeamCity...

This vulnerability in JetBrains TeamCity allows improper access control that could expose GitHub App token metadata. It affects organizations using Te...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into session attributes that p...

A race condition vulnerability in JetBrains YouTrack allows bypassing helpdesk Agent license limits. This affects organizations using YouTrack's helpd...

This vulnerability in JetBrains TeamCity allows attackers to leak credentials on Windows systems due to insufficient Git URL validation. It affects Te...

This CVE describes a project isolation bypass vulnerability in JetBrains TeamCity due to a race condition. Attackers could potentially access or modif...

This vulnerability allows attackers to perform path traversal attacks during project archive uploads in JetBrains TeamCity, potentially enabling unaut...

This vulnerability in JetBrains Junie allows attackers to access sensitive information through the search_project function. It affects users running v...

This CVE describes an SMTP injection vulnerability in JetBrains TeamCity that allows attackers to modify email content sent by the application. Attack...

This vulnerability exposes AWS credentials in Docker script files within JetBrains TeamCity CI/CD servers. Attackers who gain access to these files co...

This vulnerability in JetBrains IntelliJ IDEA allows attackers to potentially access sensitive credentials through remote references. It affects users...

This vulnerability in JetBrains IntelliJ IDEA allows Code With Me guests to discover hidden files on the host system due to improper access control. I...

This vulnerability in JetBrains IntelliJ IDEA allows unexpected plugin startup due to automatic Language Server Protocol (LSP) server activation, pote...

This vulnerability allows HTML injection through JetBrains IntelliJ IDEA's Remote Development feature, enabling attackers to inject malicious HTML con...

This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious scripts into Mermaid diagram content t...

This vulnerability in JetBrains TeamCity allows passwords to be exposed via command line arguments when using the 'hg pull' command. Attackers with ac...

This vulnerability allows reflected cross-site scripting (XSS) attacks on JetBrains TeamCity's agentpushPreset page. Attackers can inject malicious sc...

This Cross-Site Request Forgery (CSRF) vulnerability in JetBrains TeamCity allows attackers to trick authenticated users into performing unintended Gr...

This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity insta...

This vulnerability in JetBrains TeamCity allows unauthorized users to access sensitive build configuration settings through snapshot dependencies. It ...

A Cross-Site Request Forgery (CSRF) vulnerability in JetBrains TeamCity's GitHub App connection flow allows attackers to trick authenticated users int...

This vulnerability allows attackers to spoof emails through an administrative API in JetBrains YouTrack. Attackers could send emails appearing to come...

This vulnerability allows reflected cross-site scripting (XSS) attacks on the favoriteIcon page in JetBrains TeamCity. Attackers can inject malicious ...

This vulnerability in JetBrains TeamCity exposes usernames to users who lack proper permissions to view them. It affects organizations using TeamCity ...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts via GitHub Checks Webhooks. Wh...

This vulnerability allows attackers to inject malicious scripts into JetBrains TeamCity's Jira integration interface, which are then stored and execut...

This vulnerability in JetBrains YouTrack allows unauthorized deletion of issues due to missing permission checks in the API. Any YouTrack instance wit...

This vulnerability in JetBrains TeamCity allows attackers to bypass path validation in the loggingPreset parameter, potentially enabling unauthorized ...

This vulnerability in JetBrains Rider allows attackers to overwrite arbitrary files during remote debugging sessions. Attackers could potentially exec...

The JetBrains Toolbox App SSH plugin before version 2.6 establishes SSH connections without requiring sufficient user confirmation. This allows potent...

This vulnerability in JetBrains RubyMine allows remote interpreters to bind to all network interfaces instead of only localhost, potentially exposing ...

The JetBrains Toolbox App before version 2.6 had missing SSH host key verification in its SSH plugin, allowing potential man-in-the-middle attacks. Th...

This vulnerability allows command injection in JetBrains Toolbox App's SSH plugin, enabling attackers to execute arbitrary commands on affected system...

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the Cloud Profiles page. ...

CVE-2025-29904 is an HTTP request smuggling vulnerability in JetBrains Ktor framework versions before 3.1.1. This allows attackers to bypass security ...

This vulnerability in JetBrains TeamCity allows attackers to access sensitive Kubernetes resources due to improper connection settings. Organizations ...

Multiple DOM-based cross-site scripting (XSS) vulnerabilities exist in JetBrains TeamCity's Code Inspection Report tab. These allow attackers to injec...