JetBrains Security Vulnerabilities (CVEs)

Track 147 security vulnerabilities affecting JetBrains products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

25 Critical
44 High
72 Medium
6 Low
CVE-2022-29930 8.7

This CVE describes a critical vulnerability in JetBrains Ktor Native 2.0.0 where the SHA1 implementation returned the same hash value for all inputs, ...

May 12, 2022
CVE-2022-28650 7.3

This vulnerability allows attackers to inject malicious JavaScript into Markdown content in JetBrains YouTrack's Classic UI. When exploited, it enable...

Apr 5, 2022
CVE-2022-24442 9.8

This CVE describes a Server-Side Template Injection (SSTI) vulnerability in JetBrains YouTrack that allows attackers to execute arbitrary code on the ...

Feb 25, 2022
CVE-2022-25260 9.1

JetBrains Hub versions before 2021.1.14276 contain a blind Server-Side Request Forgery (SSRF) vulnerability that allows attackers to make unauthorized...

Feb 25, 2022
CVE-2022-25262 9.8

This vulnerability allows attackers to perform SAML request takeover in JetBrains Hub, potentially enabling authentication bypass and account compromi...

Feb 25, 2022
CVE-2022-25264 7.5

This vulnerability in JetBrains TeamCity allows environment variables marked as 'password' type to be logged in certain cases, potentially exposing se...

Feb 25, 2022
CVE-2022-24335 8.1

This vulnerability in JetBrains TeamCity allows attackers to exploit a race condition during agent registration via XML-RPC, potentially enabling unau...

Feb 25, 2022
CVE-2022-24340 9.8

This vulnerability allows XML External Entity (XXE) attacks during configuration file parsing in JetBrains TeamCity. Attackers can read arbitrary file...

Feb 25, 2022
CVE-2022-24342 8.8

This vulnerability in JetBrains TeamCity allows attackers to inject malicious URLs that can lead to Cross-Site Request Forgery (CSRF) attacks. It affe...

Feb 25, 2022
CVE-2022-24345 7.8

This vulnerability in JetBrains IntelliJ IDEA allows local code execution without user permission when opening a project. Attackers could execute arbi...

Feb 25, 2022
CVE-2021-45977 9.8

This vulnerability in JetBrains IDEs used as Remote Development backends causes them to bind to all network interfaces (0.0.0.0) instead of localhost ...

Feb 25, 2022
CVE-2022-24331 9.8

This vulnerability in JetBrains TeamCity allows attackers to impersonate users through GitLab authentication flaws. It affects TeamCity instances usin...

Feb 25, 2022
CVE-2021-43202 9.8

This vulnerability allows clickjacking attacks because X-Frame-Options headers are missing in JetBrains TeamCity instances. Attackers can embed vulnerable page...

Nov 30, 2021
CVE-2021-43182 7.5

This vulnerability in JetBrains Hub allows attackers to cause a Denial of Service (DoS) condition by manipulating user information. It affects all org...

Nov 9, 2021
CVE-2021-43203 7.5

This vulnerability in JetBrains Ktor involves improper nonce verification during OAuth2 authentication, potentially enabling attackers to bypass authent...

Nov 9, 2021
CVE-2021-43188 7.3

This vulnerability in JetBrains YouTrack Mobile for iOS allows attackers to bypass access token protection, potentially gaining unauthorized access to...

Nov 9, 2021
CVE-2021-43193 9.8

This vulnerability allows remote attackers to execute arbitrary code on JetBrains TeamCity servers by exploiting the agent push functionality. It affe...

Nov 9, 2021
CVE-2021-43196 7.5

This vulnerability in JetBrains TeamCity allows attackers to access sensitive information through the Docker Registry connection dialog. It affects Te...

Nov 9, 2021
CVE-2021-43200 9.8

This vulnerability in JetBrains TeamCity allows attackers to bypass permission checks in the Agent Push functionality, potentially enabling unauthoriz...

Nov 9, 2021
CVE-2021-43183 9.8

This vulnerability allows attackers to bypass authentication throttling mechanisms in JetBrains Hub, potentially enabling brute-force attacks on login...

Nov 9, 2021
CVE-2021-43185 9.8

CVE-2021-43185 is a Host header injection vulnerability in JetBrains YouTrack that allows attackers to manipulate HTTP Host headers to perform web cac...

Nov 9, 2021
CVE-2021-37543 8.8

This vulnerability in JetBrains RubyMine IDE allows remote code execution without user confirmation when opening untrusted projects. Attackers could e...

Aug 6, 2021
CVE-2021-37544 9.8

CVE-2021-37544 is an insecure deserialization vulnerability in JetBrains TeamCity that allows remote attackers to execute arbitrary code on affected s...

Aug 6, 2021
CVE-2021-37548 7.5

JetBrains TeamCity versions before 2021.1 could store passwords in cleartext within version control systems (VCS). This vulnerability allows attackers...

Aug 6, 2021
CVE-2021-37549 9.1

This vulnerability stems from insufficient sandboxing in JetBrains YouTrack workflows, potentially enabling attackers to execute arbitrary code or bypass ...

Aug 6, 2021
CVE-2021-37553 7.5

JetBrains YouTrack uses an insecure pseudo-random number generator (PRNG) that could allow attackers to predict generated values...

Aug 6, 2021
CVE-2021-36209 9.8

CVE-2021-36209 is an account takeover vulnerability in JetBrains Hub password reset functionality. Attackers could exploit this to reset passwords for...

Aug 6, 2021
CVE-2021-30482 7.5

This vulnerability in JetBrains UpSource allows application passwords to remain valid after they should have been revoked, potentially enabling unauth...

May 11, 2021
CVE-2021-31897 9.8

This vulnerability in JetBrains WebStorm allows arbitrary code execution without user confirmation when opening untrusted projects. It affects WebStor...

May 11, 2021
CVE-2021-31910 7.5

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JetBrains TeamCity that allows attackers to make unauthorized requests from t...

May 11, 2021
CVE-2021-31912 8.8

CVE-2021-31912 is an account takeover vulnerability in JetBrains TeamCity where attackers could potentially hijack user accounts during password reset...

May 11, 2021
CVE-2021-31914 9.8

This vulnerability allows attackers to execute arbitrary code on JetBrains TeamCity servers running on Windows. It affects TeamCity installations befo...

May 11, 2021
CVE-2021-31909 9.8

This vulnerability allows remote attackers to execute arbitrary code on JetBrains TeamCity servers by injecting malicious arguments. It affects all Te...

May 11, 2021
CVE-2021-26310 7.5

This vulnerability in the TeamCity IntelliJ plugin allows denial-of-service attacks by crashing the plugin or IDE. It affects developers using Intelli...

May 11, 2021
CVE-2021-29263 7.8

This vulnerability in JetBrains IntelliJ IDEA allows local code execution due to insufficient validation when retrieving projects from version control...

May 11, 2021
CVE-2021-30006 7.5

This CVE describes an XML External Entity (XXE) vulnerability in IntelliJ IDEA that allows attackers to read arbitrary files from the system. It affec...

May 11, 2021
CVE-2021-31899 8.8

This vulnerability in JetBrains Code With Me allows clients in read-only mode to execute arbitrary code on the host system. It affects all JetBrains I...

May 11, 2021
CVE-2021-31901 7.5

This vulnerability in JetBrains Hub allows attackers to bypass two-factor authentication for users in the 'All Users' group. It affects organizations ...

May 11, 2021
CVE-2021-31905 7.5

This vulnerability in JetBrains YouTrack allows unauthorized information disclosure through issue previews. Attackers can potentially access sensitive...

May 11, 2021
CVE-2021-25769 7.5

This vulnerability in JetBrains YouTrack prevents administrators from accessing attachments stored in the system. It affects YouTrack administrators w...

Feb 3, 2021
CVE-2021-25770 9.8

This vulnerability is a server-side template injection (SSTI) in JetBrains YouTrack, allowing attackers to inject malicious templates that can execute...

Feb 3, 2021
CVE-2021-25776 7.5

This vulnerability in JetBrains TeamCity exposes Elastic Container Registry (ECR) tokens in build parameters, potentially allowing unauthorized access...

Feb 3, 2021
CVE-2020-35667 7.5

CVE-2020-35667 is a Server-Side Request Forgery (SSRF) vulnerability in JetBrains TeamCity Plugin that allows attackers to make unauthorized requests ...

Feb 3, 2021
CVE-2021-25758 7.8

This vulnerability in JetBrains IntelliJ IDEA allows local code execution through insecure deserialization of workspace models. Attackers could exploi...

Feb 3, 2021
CVE-2021-25765 8.8

This Cross-Site Request Forgery (CSRF) vulnerability in JetBrains YouTrack allows attackers to trick authenticated users into uploading malicious atta...

Feb 3, 2021
CVE-2020-29582 5.3

JetBrains Kotlin before version 1.4.21 uses an insecure Java API for temporary file creation, allowing attackers to read sensiti...

Feb 3, 2021
CVE-2020-25207 9.8

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of JetBrains ToolBox via a malicious brows...

Nov 16, 2020

Why Monitor JetBrains Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 147+ known vulnerabilities affecting JetBrains products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable JetBrains packages in under 60 seconds. No agents required: completely agentless scanning that works across JetBrains deployments.

Free vulnerability database: Access detailed information about every JetBrains CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register a free account & add your servers
  • Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new JetBrains CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions