- How many CVEs does Atlassian have?
- Atlassian has 471 published CVE records since 2005, including 26 in the last two years.
- How many Atlassian CVEs are in CISA KEV?
- Yes — 13 of Atlassian's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Atlassian products have the most CVEs?
- The Atlassian products with the most published CVEs are Jira Server, Jira, Jira Data Center, Crucible, Fisheye.
- What are the most common weakness types in Atlassian CVEs?
- Atlassian's CVEs most often map to these CWE weakness types: CWE-863 (Incorrect Authorization), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-285 (Improper Authorization), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
- Are there public exploits for Atlassian vulnerabilities?
- Yes — 64 of Atlassian's CVEs have a known public exploit.
- How many critical Atlassian vulnerabilities are there?
- Atlassian has 51 critical and 120 high-severity CVEs.
- What is the average severity of Atlassian CVEs?
- The average CVSS base score across Atlassian's scored CVEs is 6.5.