GCVE - cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jetbrains:hub:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jetbrains (`b1b7db7a-bd16-5477-8e89-fb64c5636fcd`)
Product	Hub (`1bbbe364-7508-5ba7-ad4c-e0d04bdc2edb`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32229`	vulnerable	2026-06-03 15:20:42.565138	Details available MEDIUM (6.8) In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled Published: 2026-03-11T15:03:37.988Z Updated: 2026-03-12T03:55:31.443Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-25848`	vulnerable	2026-06-03 15:18:04.387464	Details available CRITICAL (9.1) In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible Published: 2026-02-09T10:39:02.452Z Updated: 2026-02-26T15:04:14.813Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64683`	vulnerable	2026-06-03 15:09:39.664311	Details available MEDIUM (5.3) In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API Published: 2025-11-10T13:27:56.565Z Updated: 2025-11-10T14:58:21.648Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64682`	vulnerable	2026-06-03 15:09:39.663906	Details available LOW (2.7) In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit Published: 2025-11-10T13:27:55.389Z Updated: 2025-11-10T14:36:21.010Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-64681`	vulnerable	2026-06-03 15:09:39.663547	Details available LOW (2.7) In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations Published: 2025-11-10T13:27:54.552Z Updated: 2025-11-10T14:39:10.302Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-24456`	vulnerable	2026-06-03 14:59:56.033306	Details available MEDIUM (6.7) In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping Published: 2025-01-21T17:23:17.295Z Updated: 2025-01-21T18:42:05.201Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-50573`	vulnerable	2026-06-03 14:57:25.146866	Details available MEDIUM (4.3) In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services Published: 2024-10-28T12:55:46.703Z Updated: 2024-10-28T13:42:39.672Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-38507`	vulnerable	2026-06-03 14:56:18.832214	Details available LOW (3.5) In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible Published: 2024-06-18T10:42:07.784Z Updated: 2024-08-02T04:12:24.742Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48477`	vulnerable	2026-06-03 14:48:33.599048	Details available MEDIUM (4.1) In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing Published: 2023-04-24T12:21:29.223Z Updated: 2025-02-04T16:19:47.248Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-48429`	vulnerable	2026-06-03 14:48:33.521207	Details available MEDIUM (4.6) In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible Published: 2023-03-27T15:51:43.848Z Updated: 2025-02-19T16:53:12.754Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45471`	vulnerable	2026-06-03 14:48:24.279308	Details available LOW (3.5) In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address Published: 2022-11-18T14:04:02.694Z Updated: 2025-04-28T19:12:02.607Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-34894`	vulnerable	2026-06-03 14:47:37.435252	Details available LOW (3.5) In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services Published: 2022-07-01T09:00:15.000Z Updated: 2024-08-03T09:22:10.639Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-29811`	vulnerable	2026-06-03 14:46:58.931644	Details available MEDIUM (6.1) In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. Published: 2022-04-28T09:55:17.000Z Updated: 2024-08-03T06:33:42.797Z Open on db.gcve.eu Reference links https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25262`	vulnerable	2026-06-03 14:46:37.466689	Details available In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Published: 2022-02-25T19:59:29.000Z Updated: 2024-08-03T04:36:06.652Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25260`	vulnerable	2026-06-03 14:46:37.464890	Details available JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF). Published: 2022-02-25T20:01:18.000Z Updated: 2024-08-03T04:36:06.544Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25259`	vulnerable	2026-06-03 14:46:37.464505	Details available JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS. Published: 2022-02-25T20:01:27.000Z Updated: 2024-08-03T04:36:06.557Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://www.jetbrains.com/privacy-security/issues-fixed/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24328`	vulnerable	2026-06-03 14:46:29.834770	Details available In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. Published: 2022-02-25T14:35:00.000Z Updated: 2024-08-03T04:07:02.459Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24327`	vulnerable	2026-06-03 14:46:29.834388	Details available In JetBrains Hub before 2021.1.13890, integration with JetBrains Account exposed an API key with excessive permissions. Published: 2022-02-25T14:34:56.000Z Updated: 2024-08-03T04:07:02.392Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43183`	vulnerable	2026-06-03 14:45:33.762078	Details available In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. Published: 2021-11-09T14:53:44.000Z Updated: 2024-08-04T03:47:13.594Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43182`	vulnerable	2026-06-03 14:45:33.761783	Details available In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. Published: 2021-11-09T15:07:18.000Z Updated: 2024-08-04T03:47:13.593Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43181`	vulnerable	2026-06-03 14:45:33.761473	Details available In JetBrains Hub before 2021.1.13690, stored XSS is possible. Published: 2021-11-09T15:06:12.000Z Updated: 2024-08-04T03:47:13.667Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43180`	vulnerable	2026-06-03 14:45:33.761101	Details available In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Published: 2021-11-09T15:08:09.000Z Updated: 2024-08-04T03:47:13.628Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-37541`	vulnerable	2026-06-03 14:45:00.735302	Details available In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible. Published: 2021-08-06T13:21:06.000Z Updated: 2024-08-04T01:23:01.208Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-37540`	vulnerable	2026-06-03 14:45:00.734982	Details available In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment feature was used. Published: 2021-08-06T13:20:09.000Z Updated: 2024-08-04T01:23:01.201Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-36209`	vulnerable	2026-06-03 14:44:57.410672	Details available In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset. Published: 2021-08-06T13:19:25.000Z Updated: 2024-08-04T00:54:50.702Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-31901`	vulnerable	2026-06-03 14:44:33.966745	Details available In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group. Published: 2021-05-11T11:34:00.000Z Updated: 2024-08-03T23:10:30.614Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25760`	vulnerable	2026-06-03 14:44:05.828552	Details available In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible. Published: 2021-02-03T15:18:26.000Z Updated: 2024-08-03T20:11:28.065Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25759`	vulnerable	2026-06-03 14:44:05.828253	Details available In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. Published: 2021-02-03T15:17:43.000Z Updated: 2024-08-03T20:11:28.202Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-25757`	vulnerable	2026-06-03 14:44:05.827542	Details available In JetBrains Hub before 2020.1.12629, an open redirect was possible. Published: 2021-02-03T15:17:03.000Z Updated: 2024-08-03T20:11:27.688Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/02/03/jetbrains-security-bulletin-q4-2020/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11691`	vulnerable	2026-06-03 14:41:26.504598	Details available In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. Published: 2020-04-22T13:52:41.000Z Updated: 2024-08-04T11:35:13.764Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-18360`	vulnerable	2026-06-03 14:39:57.217985	Details available In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. Published: 2019-10-31T14:02:29.000Z Updated: 2024-08-05T01:54:14.246Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14955`	vulnerable	2026-06-03 14:39:46.887139	Details available In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. Published: 2019-10-01T15:50:27.000Z Updated: 2024-08-05T00:34:52.619Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12847`	vulnerable	2026-06-03 14:39:36.208514	Details available In JetBrains Hub versions earlier than 2018.4.11298, the audit events for SMTPSettings show a cleartext password to the admin user. It is only relevant in cases where a password has not changed since 2017, and if the audit log still contains events from before that period. Published: 2019-07-03T18:30:56.000Z Updated: 2024-08-04T23:32:55.526Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Hub

PURL mappings

Vulnerability references

Contribute