Atlassian Security Vulnerabilities (CVEs)
Track 60 security vulnerabilities affecting Atlassian products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Jan 28, 2026: This XXE vulnerability in Crowd Data Center and Server allows authenticated attackers to read local files and potentially access remote content via XM...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially exposing sensitive informatio...
Oct 22, 2025: Jira Align has an authorization bypass vulnerability where low-privilege users can perform actions they shouldn't by including a state-related paramet...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can modify other users' private checklists. This allows unauthorized data mani...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially exposing sensitive informatio...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive sprint data...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025: Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing or modifying limited ...
Oct 21, 2025: This high-severity Denial of Service vulnerability in Confluence Data Center allows attackers to make resources unavailable to legitimate users by dis...
Aug 26, 2025: Agiloft Release 28 contains an XML External Entities (XXE) vulnerability in import/export functionality that allows authenticated attackers to perform...
Aug 26, 2025: Agiloft Release 28 contains a template injection vulnerability in its EUI template engine that allows authenticated attackers to execute arbitrary cod...
Aug 26, 2025: Agiloft Release 28 contains default credential accounts that could allow attackers to escalate privileges locally. The password hash is known and crac...
Jul 24, 2025: This CVE-2025-22165 is a Medium severity Arbitrary Code Execution vulnerability in Sourcetree for Mac that allows a locally authenticated attacker to ...
Feb 11, 2025: This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Jira, where the login form lacks a CSRF token, allowing attackers to...
Nov 19, 2024: This is a high-severity remote code execution vulnerability in Sourcetree Git clients that allows attackers to execute arbitrary code on affected syst...
Aug 21, 2024: This high-severity vulnerability in Confluence Data Center and Server allows unauthenticated attackers to execute reflected XSS attacks and CSRF attac...
Jul 24, 2024: This is an open redirect vulnerability in Bitbucket Data Center that allows unauthenticated attackers to redirect users to arbitrary websites after lo...
Jul 16, 2024: This is a stored cross-site scripting (XSS) vulnerability in Confluence Data Center and Server that allows authenticated attackers to inject malicious...
May 21, 2024: This is a high-severity remote code execution vulnerability in Confluence Data Center and Server that allows authenticated attackers to execute arbitr...
Mar 19, 2024: This is a high-severity path traversal vulnerability (CWE-22) in Confluence Data Center and Server that allows unauthenticated attackers to access or ...
Feb 20, 2024: This high-severity injection vulnerability (CWE-94) in Assets Discovery versions 1.0 through 6.2.0 allows authenticated attackers to modify system cal...
Jan 16, 2024: This is a high-severity denial-of-service vulnerability in Confluence Data Center and Server that allows unauthenticated attackers to disrupt service ...
Jan 16, 2024: This is a critical template injection vulnerability (CWE-74) in older Confluence Data Center and Server versions that allows unauthenticated attackers...
Jan 16, 2024: This is a high-severity Remote Code Execution vulnerability in Atlassian Confluence Data Center and Server that allows authenticated attackers to exec...
Jan 16, 2024: This is a high-severity remote code execution vulnerability in Confluence Data Center and Server that allows authenticated attackers to execute arbitr...
Dec 6, 2023: This vulnerability allows remote attackers to execute arbitrary code on macOS systems running vulnerable versions of the Atlassian Companion App. Atta...
Dec 6, 2023: This is a template injection vulnerability in Confluence Data Center and Server that allows authenticated attackers (including anonymous users) to inj...
Nov 21, 2023: This is a high-severity remote code execution vulnerability in Atlassian Bamboo Data Center and Server that allows authenticated attackers to execute ...
Oct 31, 2023: CVE-2023-22518 is an improper authorization vulnerability in Confluence Data Center and Server that allows unauthenticated attackers to reset the appl...
Oct 4, 2023: CVE-2023-22515 is a critical vulnerability in Atlassian Confluence Data Center and Server that allows unauthenticated attackers to create administrato...
Sep 19, 2023: This is a high-severity remote code execution vulnerability in Bitbucket Data Center and Server that allows authenticated attackers to execute arbitra...
Jul 18, 2023: CVE-2023-22508 is a high-severity remote code execution vulnerability in Confluence Data Center & Server that allows authenticated attackers to execut...
Feb 1, 2023: This authentication vulnerability in Jira Service Management allows attackers to impersonate users and gain unauthorized access by intercepting signup...
Jul 20, 2022: This vulnerability allows remote unauthenticated attackers to bypass Servlet Filters in multiple Atlassian products, potentially leading to authentica...
Jul 20, 2022: The Atlassian Questions For Confluence app creates a default user account with a hardcoded password, allowing remote unauthenticated attackers to log ...
Jun 3, 2022: CVE-2022-26134 is a critical OGNL injection vulnerability in Atlassian Confluence Server and Data Center that allows unauthenticated attackers to exec...
Apr 20, 2022: This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on Atlassian Bitbucket Data Center instances via Java deserializ...
Mar 16, 2022: This vulnerability allows remote attackers to browse local files on Atlassian Fisheye and Crucible servers via an Insecure Direct Object Reference (ID...
Mar 16, 2022: CVE-2021-43958 allows remote attackers to brute force user credentials in Atlassian Fisheye and Crucible by bypassing CAPTCHA protection on REST endpo...
Mar 8, 2022: This vulnerability allows remote attackers with system administrator permissions in Atlassian Jira Server and Data Center to execute arbitrary code vi...
Feb 15, 2022: This CVE describes a DLL hijacking vulnerability in Atlassian Confluence Server and Data Center installers on Windows. Authenticated local attackers c...
Jan 6, 2022: This vulnerability allows remote attackers with administrator privileges in Atlassian Jira Server and Data Center to execute arbitrary code via the Em...
Dec 8, 2021: This vulnerability allows attackers with revoked administrator accounts to modify project Users & Roles settings in Atlassian Jira Server and Data Cen...
Oct 26, 2021: This vulnerability allows anonymous remote attackers to view private project and filter names in Atlassian Jira Server and Data Center via an Insecure...
Oct 26, 2021: This vulnerability allows unauthenticated remote attackers to view names of private projects and filters in Atlassian Jira Server and Data Center via ...
Sep 30, 2021: CVE-2020-18683 is an input validation vulnerability in Floodlight SDN controller's StaticFlowEntryPusherResource.java that allows attackers to execute...

Why Monitor Atlassian Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 60+ known vulnerabilities affecting Atlassian products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Atlassian packages in under 60 seconds. No agents required - completely agentless scanning that works across Atlassian deployments.
Free vulnerability database: Access detailed information about every Atlassian CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Atlassian CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions