CVE-2020-11691 — CVSS 7.5 (high): In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.
CVE-2022-24327 — CVSS 7.5 (high): In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions.
CVE-2019-12847 — CVSS 7.2 (high): In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is…
CVE-2026-32229 — CVSS 6.8 (medium): In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled
CVE-2025-24456 — CVSS 6.7 (medium): In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping
CVE-2019-14955 — CVSS 5.3 (medium): In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration…
CVE-2019-18360 — CVSS 5.3 (medium): In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery.
CVE-2022-48429 — CVSS 4.6 (medium): In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible
CVE-2024-50573 — CVSS 4.3 (medium): In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services