| Produkt | Wersja Podatna | Wersja poprawiona | Opis/Link | CVE ID | CVSS |
| Bamboo Data Center and Server | 12.0.0 do 12.0.1 11.0.0 do 11.0.8 10.2.0 do 10.2.12 (LTS) 10.1.0 do 10.1.1 10.0.0 do 10.0.3 9.6.0 do 9.6.20 (LTS) | 12.0.2 tylko Data Center 10.2.13 do 10.2.14 (LTS) rekomendowana do Data Center 9.6.21 do 9.6.22 (LTS) tylko dla Data Center | Race Condition at org.glassfish.jersey.core:jersey-client in Bamboo Data Center | CVE-2025-12383 | 9.4 |
| XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Bamboo Data Center and Server | CVE-2025-54988 | 8.4 |
| DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Bamboo Data Center and Server | CVE-2025-55163 | 8.2 |
| SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center and Server | CVE-2025-27152 | 7.7 |
| Bitbucket Data Center and Server | 10.0.0 do 10.0.2 9.6.0 do 9.6.5 9.5.0 do 9.5.2 9.4.0 do 9.4.14 (LTS) 9.3.0 do 9.3.2 9.2.0 do 9.2.1 9.1.0 do 9.1.1 9.0.1 8.19.0 do 8.19.25 (LTS) 8.18.0 do 8.18.1 | 10.1.1 do 10.1.4 tylko Data Center 9.4.15 do 9.4.16 (LTS) tylko Data Center 8.19.26 do 8.19.27 (LTS) tylko Data Center | DoS (Denial of Service) com.fasterxml.jackson.core:jackson-core Dependency in Bitbucket Data Center and Server | CVE-2025-52999 | 8.7 |
| DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server | CVE-2024-38286 | 8.6 |
| DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server | CVE-2025-48989 | 7.5 |
| RCE (Remote Code Execution) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server | CVE-2025-55752 | 7.5 |
| Improper Authorization org.springframework:spring-core Dependency in Bitbucket Data Center and Server | CVE-2025-41249 | 7.5 |
| Confluence Data Center and Server | 10.2.0 do 10.2.1 (LTS) 10.1.0 do 10.1.2 10.0.2 do 10.0.3 9.5.1 do 9.5.4 9.4.0 do 9.4.1 9.3.1 do 9.3.2 9.2.0 do 9.2.12 (LTS) 9.1.0 do 9.1.1 9.0.1 do 9.0.3 8.9.0 do 8.9.8 8.8.0 do 8.8.1 8.5.6 do 8.5.31 (LTS) 7.19.19 do 7.19.30 (LTS) | 10.2.2 (LTS) rekomendowana tylko Data Center Data Center 9.2.13 (LTS) tylko Data Center | XXE (XML External Entity Injection) in Confluence Data Center and Server | CVE-2025-66516 | 10 |
| XXE (XML External Entity Injection) org.apache.jackrabbit:jackrabbit-spi-commons Dependency in Confluence Data Center and Server | CVE-2025-53689 | 8.8 |
| XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Confluence Data Center and Server | CVE-2025-54988 | 8.4 |
| MITM (Man-in-the-Middle) org.postgresql:postgresql Dependency in Confluence Data Center and Server | CVE-2025-49146 | 8.2 |
| Crowd Data Center and Server | 7.1.0 do 7.1.2 6.3.0 do 6.3.3 | 7.1.3 rekomendowana tylko Data Center 6.3.4 tylko Data Center | XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Crowd Data Center and Server | CVE-2025-54988 | 8.4 |
| XXE (XML External Entity Injection) in Crowd Data Center and Server | CVE-2026-21569 | 7.9 |
| DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server | CVE-2025-48976 | 7.5 |
| DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server | CVE-2025-64775 | 7.5 |
| Jira Data Center and Server | 11.2.0 11.1.0 do 11.1.1 11.0.0 do 11.0.1 10.7.1 do 10.7.4 10.6.0 do 10.6.1 10.5.0 do 10.5.1 10.4.0 do 10.4.1 10.3.0 do 10.3.15 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 9.17.0 do 9.17.5 9.16.0 do 9.16.1 9.15.2 9.14.0 do 9.14.1 9.13.0 do 9.13.1 9.12.3 do 9.12.25 (LTS) | 11.3.0 do 11.3.1 (LTS) rekomendowany tylko Data Center 11.2.1 tylko Data Center 10.3.16 (LTS) tylko Data Center 9.12.26 do 9.12.31 (LTS) | DoS (Denial of Service) qs Dependency in Jira Software Data Center and Server | CVE-2025-15284 | 8.7 |
| DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server | CVE-2025-52434 | 8.6 |
| DoS (Denial of Service) cross-spawn Dependency in Jira Software Data Center and Server | CVE-2024-21538 | 7.7 |
| DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server | CVE-2021-3807 | 7.5 |
| Injection sha.js Dependency in Jira Data Center and Server | CVE-2025-9288 | 7.4 |
| Injection cipher-base Dependency in Jira Data Center and Server | CVE-2025-9287 | 7.4 |
| XSS (Cross Site Scripting) dompurify Dependency in Jira Software Data Center and Server | CVE-2024-45801 | 7.3 |
| Jira Service Management Data Center and Server | 11.3.0 (LTS) 11.2.0 11.1.0 do 11.1.1 11.0.0 do 11.0.1 10.7.1 do 10.7.4 10.6.0 do 10.6.1 10.5.0 do 10.5.1 10.4.0 do 10.4.1 10.3.0 do 10.3.15 (LTS) 10.2.0 do 10.2.1 10.1.1 do 10.1.2 10.0.0 do 10.0.1 5.17.0 do 5.17.5 5.16.0 do 5.16.1 5.15.2 5.14.0 do 5.14.1 5.13.0 do 5.13.1 5.12.3 do 5.12.28 (LTS) | 11.3.1 (LTS) rekomendowany tylko Data Center 11.2.1 tylko Data Center 10.3.16 (LTS) tylko Data Center 5.12.29 do 5.12.31 (LTS) | DoS (Denial of Service) qs Dependency in Jira Service Management Data Center and Server | CVE-2025-15284 | 8.7 |
| DoS (Denial of Service) cross-spawn Dependency in Jira Service Management Data Center and Server | CVE-2024-21538 | 7.7 |
| DoS (Denial of Service) ansi-regex Dependency in Jira Service Management Data Center and Server | CVE-2021-3807 | 7.5 |
| DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Jira Service Management Data Center and Server | CVE-2025-52434 | 7.5 |
| DoS (Denial of Service) semver Dependency in Jira Service Management Data Center | CVE-2022-25883 | 7.5 |
| DoS (Denial of Service) path-to-regexp Dependency in Jira Service Management Data Center and Server | CVE-2024-45296 | 7.5 |
| DoS (Denial of Service) org.codehaus.jettison:jettison Dependency Vulnerability in Jira Service Management Data Center and Server | CVE-2022-45693 | 7.5 |
| XSS (Cross Site Scripting) dompurify Dependency in Jira Service Management Data Center and Server | CVE-2024-45801 | 7.3 |
| Injection sha.js Dependency in Jira Service Management Data Center and Server | CVE-2025-9288 | 7.4 |
| Injection cipher-base Dependency in Jira Service Management Data Center and Server | CVE-2025-9287 | 7.4 |
