JetBrains ≫ IntelliJ IDEA

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3....

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.