497 CVEs

34 in CISA KEV

Ivanti Vulnerabilities

CVE security advisories and vulnerability history for Ivanti.

497

Total CVEs

Published

34

In CISA KEV

Exploited in the wild

51

Public exploits

With known exploit

7.8

Avg CVSS

2016–2026

Overview

Ivanti has 497 published CVE records since 2016, of which 34 are in CISA's Known Exploited Vulnerabilities catalog and 51 have a known public exploit. The average CVSS base score across scored CVEs is 7.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Ivanti products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of Ivanti's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical88

High227

Medium82

Low0

100 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

34

34 of Ivanti's CVEs are confirmed exploited in the wild.

Public exploits

51

51 of Ivanti's CVEs have a known public exploit available.

Most affected products

The Ivanti products with the most published CVEs.

connect secure132 CVEs
Avalanche117 CVEs
Endpoint Manager116 CVEs
Policy Secure78 CVEs
Pulse Connect Secure47 CVEs
endpoint_manager45 CVEs
EPM33 CVEs
windows31 CVEs

Common weakness types

The CWE weakness categories most often found in Ivanti CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish Ivanti CVE records.

Disclosure activity by year

How many Ivanti CVEs were published each year.

2019

28

2020

29

2021

27

2022

14

2023

76

2024

178

2025

105

2026

21

Latest Ivanti CVEs

The most recently disclosed vulnerabilities affecting Ivanti.

High vulnerability · 2026-06-01
CWE-284
High · CVSS 8.8
EPSS 0.4%2026-06-01
High vulnerability · 2026-05-22
CWE-295
High · CVSS 8.8
EPSS 0.1%2026-05-22
High vulnerability · 2026-05-12
CWE-89
High · CVSS 8.8
EPSS 0.4%2026-05-12
High vulnerability · 2026-05-12
CWE-732
High · CVSS 7.8
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-749
Medium · CVSS 6.5
EPSS 0.1%2026-05-12
High vulnerability · 2026-05-12
CWE-78
High · CVSS 7.2
EPSS 1.5%2026-05-12
High vulnerability · 2026-05-12
CWE-362
High · CVSS 7.8
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-732
Medium · CVSS 4.4
EPSS 0.0%2026-05-12
Critical vulnerability · 2026-05-12
CWE-73
Critical · CVSS 9.6
EPSS 0.1%2026-05-12
High vulnerability · 2026-05-07
CWE-295
High · CVSS 8.9
EPSS 0.1%2026-05-07
High vulnerability · 2026-05-07
CWE-284
High · CVSS 7.0
EPSS 0.3%2026-05-07
High vulnerability · 2026-05-07
CWE-295
High · CVSS 7.4
EPSS 0.1%2026-05-07

Track new Ivanti CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor Ivanti CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

gnome505 CVEs Lenovo502 CVEs xen499 CVEs ffmpeg494 CVEs AMD493 CVEs fabian483 CVEs openclaw483 CVEs Atlassian471 CVEs

Browse all vendors

Frequently asked questions

Common questions about Ivanti vulnerabilities.

How many CVEs does Ivanti have?

Ivanti has 497 published CVE records since 2016, including 126 in the last two years.

How many Ivanti CVEs are in CISA KEV?

Yes — 34 of Ivanti's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which Ivanti products have the most CVEs?

The Ivanti products with the most published CVEs are connect secure, Avalanche, Endpoint Manager, Policy Secure, Pulse Connect Secure.

What are the most common weakness types in Ivanti CVEs?

Ivanti's CVEs most often map to these CWE weakness types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-125 (Out-of-bounds Read).

Are there public exploits for Ivanti vulnerabilities?

Yes — 51 of Ivanti's CVEs have a known public exploit.

How many critical Ivanti vulnerabilities are there?

Ivanti has 88 critical and 227 high-severity CVEs.

What is the average severity of Ivanti CVEs?

The average CVSS base score across Ivanti's scored CVEs is 7.8.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Ivanti vulnerabilities

Monitor new Ivanti vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing