JetBrains Kotlin
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in JetBrains Kotlin.
By the Year
In 2025 there have been 0 vulnerabilities in JetBrains Kotlin. Kotlin did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 5.30 |
2021 | 1 | 5.30 |
2020 | 1 | 8.80 |
2019 | 3 | 8.10 |
2018 | 0 | 0.00 |
It may take a day or so for new Kotlin vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent JetBrains Kotlin Security Vulnerabilities
In JetBrains Kotlin before 1.6.0
CVE-2022-24329
5.3 - Medium
- February 25, 2022
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Inclusion of Functionality from Untrusted Control Sphere
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation
CVE-2020-29582
5.3 - Medium
- February 03, 2021
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Incorrect Default Permissions
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue
CVE-2020-15824
8.8 - High
- August 08, 2020
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
Improper Privilege Management
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially
CVE-2019-10101
8.1 - High
- July 03, 2019
JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.
Cleartext Transmission of Sensitive Information
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially
CVE-2019-10102
8.1 - High
- July 03, 2019
JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. This issue was fixed in Kotlin plugin version 1.3.30.
Cleartext Transmission of Sensitive Information
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially
CVE-2019-10103
8.1 - High
- July 03, 2019
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an http connection, potentially allowing an MITM attack. This issue, which was fixed in Kotlin plugin version 1.3.30, is similar to CVE-2019-10101.
Missing Encryption of Sensitive Data
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for JetBrains Kotlin or by JetBrains? Click the Watch button to subscribe.