Atlassian Bitbucket ↗
Atlassian · Infrastructure
85/100 Good
Summary iPlain-English security verdict for Atlassian Bitbucket, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Atlassian Bitbucket currently scores 85/100 — good. 1 actively-exploited vulnerability (CISA KEV) affects older releases (e.g. CVE-2022-36804) — staying on the latest supported version keeps you clear of it. It's largely safe; apply minor updates as they appear. Note: this product is assessed at the product level on recent (365-day) activity rather than an exact per-version match, so it is never marked a confident "healthy".
Disclosure trend iNew CVEs published for Atlassian Bitbucket each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2022-36804 HIGH ● exploited OS command injection EPSS 94% → fixed in 8.2.2 CVE-2022-43781 CRITICAL Command injection EPSS 87% → fixed in 8.4.2 CVE-2019-15000 CRITICAL OS command injection EPSS 11% → fixed in 6.5.2 CVE-2019-3397 CRITICAL Path traversal EPSS 5% → fixed in 6.1.2 CVE-2018-5225 CRITICAL CWE-59 EPSS 3% → fixed in 5.8.2 CVE-2022-26136 CRITICAL CWE-180 EPSS 0% → fixed in 7.21.2ℹ product-level posture (last 365d); exact per-version verdict pending precise version mapping