U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetbrains
  • Search Type: Search All
There are 473 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2025-48391

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API

Published: May 20, 2025; 2:15:47 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

Published: May 20, 2025; 2:15:47 PM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-47853

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

Published: May 20, 2025; 2:15:47 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-47852

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

Published: May 20, 2025; 2:15:47 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-47851

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

Published: May 20, 2025; 2:15:47 PM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2025-47850

In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning

Published: May 20, 2025; 2:15:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

Published: April 25, 2025; 11:15:40 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-46433

In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

Published: April 25, 2025; 11:15:40 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

Published: April 25, 2025; 11:15:40 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-43016

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

Published: April 25, 2025; 11:15:39 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-43015

In JetBrains RubyMine before 2025.1 remote Interpreter overwrote ports to listen on all interfaces

Published: April 17, 2025; 12:16:00 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

Published: April 17, 2025; 12:16:00 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-43013

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

Published: April 17, 2025; 12:15:59 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2025-43012

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible

Published: April 17, 2025; 12:15:59 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-42921

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

Published: April 17, 2025; 12:15:59 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-32054

In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file

Published: April 03, 2025; 1:15:30 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-31141

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

Published: March 27, 2025; 8:15:15 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2025-31140

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

Published: March 27, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

Published: March 27, 2025; 8:15:14 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-29932

In JetBrains GoLand before 2025.1 an XXE during debugging was possible

Published: March 25, 2025; 9:15:41 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)