Skip to main content

Pycharm

8 CVEs product

Monthly

CVE-2026-49384 MEDIUM PATCH This Month

Stored XSS in JetBrains PyCharm's Jupyter notebook Markdown cell renderer allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of a victim's PyCharm session by delivering a crafted notebook file. All PyCharm versions prior to 2025.3.4 are affected. The vulnerability carries no KEV listing and no public exploit has been identified at time of analysis, though the low attack complexity and lack of required privileges make opportunistic abuse via shared or repository-hosted notebooks plausible.

XSS Pycharm
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25847 HIGH This Week

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible [CVSS 8.2 HIGH]

XSS Pycharm
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-37051 HIGH This Week

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aqua Clion Datagrip Dataspell +9
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2022-29821 HIGH This Week

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Pycharm
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2022-29820 LOW Monitor

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pycharm
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2021-30005 HIGH This Week

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Pycharm
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-11694 HIGH POC This Week

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Apple Pycharm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-14958 HIGH This Week

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pycharm
NVD
CVSS 3.1
7.5
EPSS
1.9%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Stored XSS in JetBrains PyCharm's Jupyter notebook Markdown cell renderer allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of a victim's PyCharm session by delivering a crafted notebook file. All PyCharm versions prior to 2025.3.4 are affected. The vulnerability carries no KEV listing and no public exploit has been identified at time of analysis, though the low attack complexity and lack of required privileges make opportunistic abuse via shared or repository-hosted notebooks plausible.

XSS Pycharm
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible [CVSS 8.2 HIGH]

XSS Pycharm
NVD
EPSS 4% CVSS 7.5
HIGH This Week

GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aqua Clion +11
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Pycharm
NVD
EPSS 0% CVSS 3.5
LOW Monitor

In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pycharm
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Pycharm
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Apple +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pycharm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy