JetBrains IntelliJ IDEA
42 CVEs affecting JetBrains IntelliJ IDEA. Latest disclosed: 2026-05-29. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-37051 | Critical | 9.3 | 2024-06-10 | GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 202… |
| CVE-2022-28651 | High | 8.4 | 2022-04-05 | In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields |
| CVE-2026-49367 | High | 8.0 | 2026-05-29 | In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account |
| CVE-2026-49366 | High | 7.8 | 2026-05-29 | In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion |
| CVE-2022-40978 | High | 7.5 | 2022-09-19 | The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking |
| CVE-2026-41882 | High | 7.4 | 2026-04-30 | In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web serv… |
| CVE-2022-29819 | Medium | 6.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible |
| CVE-2022-29815 | Medium | 6.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible |
| CVE-2022-29814 | Medium | 6.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible |
| CVE-2022-29813 | Medium | 6.9 | 2022-04-28 | In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible |
| CVE-2025-57729 | Medium | 6.5 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start |
| CVE-2025-57728 | Medium | 6.5 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files |
| CVE-2023-51655 | Medium | 6.3 | 2023-12-21 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project con… |
| CVE-2022-46826 | Medium | 6.2 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. |
| CVE-2024-24941 | Medium | 6.1 | 2024-02-06 | In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL |
| CVE-2022-48433 | Medium | 6.1 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. |
| CVE-2022-46824 | Medium | 5.6 | 2022-12-08 | In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fsnotifier daemon on macOS was possible. |
| CVE-2022-48430 | Medium | 5.5 | 2023-03-29 | In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. |
| CVE-2025-68269 | Medium | 5.4 | 2025-12-16 | In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH |
| CVE-2025-57730 | Medium | 5.2 | 2025-08-20 | In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature |