Jira

This hub aggregates every CVE we track for Jira, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jira.

• CVE-2025-31487The XWiki JIRA extension allows data leak through an XXE attack by using a fake JIRA server7.7Apr 3, 2025
• CVE-2019-15002An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system unde...4.3Feb 11, 2025
• CVE-2023-49673A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using att...8.8Nov 29, 2023
• CVE-2023-49653Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not en...6.5Nov 29, 2023
• CVE-2022-26137A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atla...8.8Jul 20, 2022
• CVE-2022-26136A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used b...9.8Jul 20, 2022
• CVE-2022-0540A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center ver...9.8Apr 20, 2022
• CVE-2022-29041Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored c...5.4Apr 12, 2022
• CVE-2021-43945Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (S...4.8Feb 28, 2022
• CVE-2021-43953Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to toggle the Thread Contention and CPU monitoring settings via a Cross-Site Request Forgery (CSRF)...4.3Feb 15, 2022
• CVE-2021-43947Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Emai...7.2Jan 6, 2022
• CVE-2021-41312Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Servi...7.5Nov 3, 2021
• CVE-2021-41308Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability...6.5Oct 26, 2021
• CVE-2021-41307Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References ...7.5Oct 26, 2021
• CVE-2021-41306Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in...7.5Oct 26, 2021