Atlassian Confluence Server Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting Atlassian Confluence Server, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every Atlassian Confluence Server version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

>= 8.0.06 CVEs
>= 8.2.05 CVEs
>= 8.3.05 CVEs
>= 8.4.05 CVEs
>= 8.5.05 CVEs
>= 8.1.04 CVEs
>= 8.6.04 CVEs
>= 7.19.03 CVEs
>= 8.7.13 CVEs
>= 7.20.02 CVEs
>= 8.5.12 CVEs
7.20.0 to 7.20.32 CVEs
8.0.0 to 8.0.42 CVEs
8.1.0 to 8.1.42 CVEs
8.2.0 to 8.2.32 CVEs
8.3.0 to 8.3.42 CVEs
8.4.0 to 8.4.52 CVEs
>= 1.1.21 CVE
>= 4.0.01 CVE
>= 7.13.01 CVE
>= 7.14.01 CVE
>= 8.0.11 CVE
>= 8.0.21 CVE
>= 8.0.31 CVE
>= 8.1.31 CVE
>= 8.1.41 CVE
>= 8.2.11 CVE
>= 8.2.21 CVE
>= 8.2.31 CVE
>= 8.3.11 CVE
>= 8.3.21 CVE
>= 8.4.11 CVE
>= 8.4.21 CVE
>= 8.5.21 CVE
>= 8.5.31 CVE
7.19.0 to 7.19.211 CVE
8.5.0 to 8.5.121 CVE
8.5.0 to 8.5.81 CVE

Fixed in

unspecified17 CVEs
8.5.56 CVEs
7.19.184 CVEs
< 8.0.03 CVEs
>= 7.19.183 CVEs
>= 8.5.53 CVEs
7.13.73 CVEs
7.14.33 CVEs
7.15.23 CVEs
7.16.43 CVEs
7.17.43 CVEs
7.4.173 CVEs
< 7.19.02 CVEs
>= 8.5.42 CVEs

Find a version

52 CVEs

Sort

High vulnerability · 2025-10-21
CVE-2025-22166
Patch
CWE-405
High · CVSS 8.3
EPSS 0.1% (26th pct)2025-10-21
High vulnerability · 2025-03-17
CVE-2023-22512
Patch
CWE-400
High · CVSS 7.5
EPSS 14.8% (95th pct)2025-03-17
Medium vulnerability · 2024-11-27
CVE-2024-21703
Patch
CWE-732
Medium · CVSS 6.4
EPSS 0.0% (15th pct)2024-11-27
High vulnerability · 2024-08-21
CVE-2024-21690
Patch
CWE-79
High · CVSS 7.1
EPSS 0.7% (72th pct)2024-08-21
High vulnerability · 2024-07-16
CVE-2024-21686
Patch
CWE-79
High · CVSS 7.3
EPSS 2.6% (86th pct)2024-07-16
High vulnerability · 2024-05-21
CVE-2024-21683
Public exploit
Patch
CWE-94
High · CVSS 7.2
EPSS 94.1% (100th pct)2024-05-21
High vulnerability · 2024-03-19
CVE-2024-21677
Patch
CWE-22
High · CVSS 8.3
EPSS 2.0% (84th pct)2024-03-19
High vulnerability · 2024-02-20
CVE-2024-21678
Patch
CWE-79
High · CVSS 8.5
EPSS 1.5% (82th pct)2024-02-20
High vulnerability · 2024-01-16
CVE-2024-21673
Patch
CWE-94
High · CVSS 8.0
EPSS 9.2% (93th pct)2024-01-16
High vulnerability · 2024-01-16
CVE-2024-21672
Patch
CWE-94
High · CVSS 8.3
EPSS 7.2% (92th pct)2024-01-16
Critical vulnerability · 2024-01-16
CVE-2023-22527
CISA KEV
Public exploit
Patch
CWE-74
Added to CISA KEV 2024-01-24
Critical · CVSS 10.0
EPSS 94.4% (100th pct)2024-01-16
High vulnerability · 2024-01-16
CVE-2024-21674
Patch
CWE-94
High · CVSS 8.6
EPSS 2.5% (86th pct)2024-01-16
High vulnerability · 2024-01-16
CVE-2023-22526
Patch
CWE-94
High · CVSS 7.2
EPSS 0.5% (67th pct)2024-01-16
Critical vulnerability · 2023-12-06
CVE-2023-22522
Patch
Critical · CVSS 9.0
EPSS 16.2% (95th pct)2023-12-06
Critical vulnerability · 2023-10-31
CVE-2023-22518
CISA KEV
Public exploit
Patch
CWE-863
Added to CISA KEV 2023-11-07
Critical · CVSS 9.3
EPSS 94.4% (100th pct)2023-10-31
Critical vulnerability · 2023-10-04
CVE-2023-22515
CISA KEV
Public exploit
Patch
CWE-20
Added to CISA KEV 2023-10-05
Critical · CVSS 9.3
EPSS 94.3% (100th pct)2023-10-04
High vulnerability · 2023-07-18
CVE-2023-22508
Patch
High · CVSS 8.5
EPSS 5.1% (90th pct)2023-07-18
High vulnerability · 2023-07-18
CVE-2023-22505
Patch
High · CVSS 8.0
EPSS 2.9% (87th pct)2023-07-18
Medium vulnerability · 2023-05-25
CVE-2023-22504
Patch
Medium · CVSS 4.3
EPSS 0.4% (64th pct)2023-05-25
Medium vulnerability · 2023-05-01
CVE-2023-22503
Patch
CWE-200
Medium · CVSS 5.3
EPSS 0.5% (66th pct)2023-05-01
Vulnerability · 2022-07-26
CVE-2020-36290
Patch
Unscored
EPSS 0.5% (64th pct)2022-07-26
Critical vulnerability · 2022-07-20
CVE-2022-26138
CISA KEV
Public exploit
CWE-798
Added to CISA KEV 2022-07-29
Critical · CVSS 9.3
EPSS 94.3% (100th pct)2022-07-20
High vulnerability · 2022-07-20
CVE-2022-26137
Patch
CWE-180
High · CVSS 8.8
EPSS 0.1% (31th pct)2022-07-20
Critical vulnerability · 2022-07-20
CVE-2022-26136
Patch
CWE-180
Critical · CVSS 9.8
EPSS 0.3% (55th pct)2022-07-20
Critical vulnerability · 2022-06-03
CVE-2022-26134
CISA KEV
Public exploit
Patch
CWE-917
Added to CISA KEV 2022-06-02
Critical · CVSS 9.3
EPSS 94.4% (100th pct)2022-06-03
High vulnerability · 2022-04-05
CVE-2021-39114
Patch
CWE-94
High · CVSS 8.8
EPSS 0.4% (59th pct)2022-04-05
High vulnerability · 2022-02-15
CVE-2021-43940
Patch
CWE-427
High · CVSS 7.8
EPSS 0.2% (36th pct)2022-02-15
Critical vulnerability · 2021-08-30
CVE-2021-26084
CISA KEV
Public exploit
Patch
CWE-917
Added to CISA KEV 2021-11-03
Critical · CVSS 10.0
EPSS 94.4% (100th pct)2021-08-30
Medium vulnerability · 2021-08-03
CVE-2021-26085
CISA KEV
Public exploit
Patch
CWE-425
Added to CISA KEV 2022-03-28
Medium · CVSS 6.9
EPSS 94.0% (100th pct)2021-08-03
Medium vulnerability · 2021-05-07
CVE-2020-29445
Patch
CWE-918
Medium · CVSS 4.3
EPSS 0.2% (44th pct)2021-05-07

Showing 30 of 52

Atlassian Confluence Server Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other Atlassian products

Frequently asked questions

How many CVEs does Atlassian Confluence Server have?

How many Atlassian Confluence Server CVEs are in CISA KEV?

Are there public exploits for Atlassian Confluence Server vulnerabilities?

Which versions of Atlassian Confluence Server are affected?

What are the most common weakness types in Atlassian Confluence Server CVEs?

How many critical Atlassian Confluence Server vulnerabilities are there?

What is the average severity of Atlassian Confluence Server CVEs?

References

Track Atlassian Confluence Server vulnerabilities