471 CVEs

13 in CISA KEV

Atlassian Vulnerabilities

CVE security advisories and vulnerability history for Atlassian.

471

Total CVEs

Published

13

In CISA KEV

Exploited in the wild

48

Public exploits

With known exploit

7.4

Avg CVSS

2005–2026

Overview

Atlassian has 471 published CVE records since 2005, of which 13 are in CISA's Known Exploited Vulnerabilities catalog and 48 have a known public exploit. The average CVSS base score across scored CVEs is 7.4.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Atlassian products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Atlassian's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical26

High54

Medium38

Low1

352 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

13

13 of Atlassian's CVEs are confirmed exploited in the wild.

Public exploits

48

48 of Atlassian's CVEs have a known public exploit available.

Most affected products

The Atlassian products with the most published CVEs.

Jira Server160 CVEs
jira156 CVEs
Jira Data Center104 CVEs
Crucible53 CVEs
fisheye53 CVEs
Confluence Server52 CVEs
jira software data center45 CVEs
Confluence Data Center42 CVEs

Common weakness types

The CWE weakness categories most often found in Atlassian CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Atlassian CVE records.

Disclosure activity by year

How many Atlassian CVEs were published each year.

2019

77

2020

82

2021

76

2022

39

2023

14

2024

18

2025

22

2026

4

Latest Atlassian CVEs

The most recently disclosed vulnerabilities affecting Atlassian.

Critical vulnerability · 2026-04-21
CWE-78
Critical · CVSS 9.4
EPSS 1.1%2026-04-21
High vulnerability · 2026-03-17
CWE-94
High · CVSS 8.6
EPSS 0.7%2026-03-17
High vulnerability · 2026-01-28
CWE-611
High · CVSS 7.9
EPSS 0.0%2026-01-28
Medium vulnerability · 2026-01-20
CWE-79
Medium · CVSS 6.1
EPSS 0.0%2026-01-20
Medium vulnerability · 2025-10-22
CWE-862
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22
Medium vulnerability · 2025-10-22
CWE-285
Medium · CVSS 5.3
EPSS 0.0%2025-10-22

Track new Atlassian CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Atlassian CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Ivanti497 CVEs ffmpeg494 CVEs AMD493 CVEs fabian483 CVEs openclaw483 CVEs HackerOne470 CVEs citrix452 CVEs Hewlett Packard Enterprise (HPE)450 CVEs

Browse all vendors

Frequently asked questions

Common questions about Atlassian vulnerabilities.

How many CVEs does Atlassian have?

Atlassian has 471 published CVE records since 2005, including 26 in the last two years.

How many Atlassian CVEs are in CISA KEV?

Yes — 13 of Atlassian's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Atlassian products have the most CVEs?

The Atlassian products with the most published CVEs are Jira Server, jira, Jira Data Center, Crucible, fisheye.

What are the most common weakness types in Atlassian CVEs?

Atlassian's CVEs most often map to these CWE weakness types: CWE-863 (Incorrect Authorization), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-285 (Improper Authorization), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

Are there public exploits for Atlassian vulnerabilities?

Yes — 48 of Atlassian's CVEs have a known public exploit.

How many critical Atlassian vulnerabilities are there?

Atlassian has 26 critical and 54 high-severity CVEs.

What is the average severity of Atlassian CVEs?

The average CVSS base score across Atlassian's scored CVEs is 7.4.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Atlassian vulnerabilities

Monitor new Atlassian vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing