Hub

This hub aggregates every CVE we track for Hub, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Hub.

• CVE-2026-50242In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 authentication bypass via direct database access leading to administrative access was...10.0Jun 19, 2026
• CVE-2026-56141In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible9.8Jun 19, 2026
• CVE-2026-56142In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible9.9Jun 19, 2026
• CVE-2026-32229In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled6.8Mar 11, 2026
• CVE-2026-25848In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible9.1Feb 9, 2026
• CVE-2025-65784Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.6.5Jan 13, 2026
• CVE-2025-65783An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted P...9.8Jan 13, 2026
• CVE-2025-64683In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API5.3Nov 10, 2025
• CVE-2025-64682In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit2.7Nov 10, 2025
• CVE-2025-64681In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations2.7Nov 10, 2025
• CVE-2025-24456In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping6.7Jan 21, 2025
• CVE-2024-50573In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services4.3Oct 28, 2024
• CVE-2024-38507In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible3.5Jun 18, 2024
• CVE-2023-45823Arbitrary file read in Artifact Hub7.5Oct 19, 2023
• CVE-2023-45822Unsafe rego built-in allowed in Artifact Hub3.7Oct 19, 2023