Ivanti Connect Secure vulnerabilities: known CVEs & security history
Ivanti · Network / Security · 130 tracked CVEs · 14 actively exploited · updated June 2026
This is the full list of known vulnerabilities (CVEs) across all Ivanti Connect Secure release lines — 130 in total, with 14 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Ivanti Connect Secure's current status and the safe version to run.
Known Ivanti Connect Secure CVEs
Actively-exploited and most-severe first. Showing the top 80 of 130.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2021-22893 ⚡ exploited | critical | 10 | 47% | 2021 |
| CVE-2019-11510 ⚡ exploited | critical | 10 | 100% | 2019 |
| CVE-2024-21887 ⚡ exploited | critical | 9.1 | 100% | 2024 |
| CVE-2025-22457 ⚡ exploited | critical | 9 | 100% | 2025 |
| CVE-2025-0282 ⚡ exploited | critical | 9 | 100% | 2025 |
| CVE-2021-22899 ⚡ exploited | high | 8.8 | 22% | 2021 |
| CVE-2021-22894 ⚡ exploited | high | 8.8 | 41% | 2021 |
| CVE-2024-21893 ⚡ exploited | high | 8.2 | 100% | 2024 |
| CVE-2023-46805 ⚡ exploited | high | 8.2 | 100% | 2024 |
| CVE-2021-22900 ⚡ exploited | high | 7.2 | 14% | 2021 |
| CVE-2020-8260 ⚡ exploited | high | 7.2 | 96% | 2020 |
| CVE-2020-8243 ⚡ exploited | high | 7.2 | 91% | 2020 |
| CVE-2020-8218 ⚡ exploited | high | 7.2 | 33% | 2020 |
| CVE-2019-11539 ⚡ exploited | high | 7.2 | 99% | 2019 |
| CVE-2016-4787 | critical | 10 | 2% | 2016 |
| CVE-2025-22467 | critical | 9.9 | 3% | 2025 |
| CVE-2024-21894 | critical | 9.8 | 19% | 2024 |
| CVE-2018-20813 | critical | 9.8 | 3% | 2019 |
| CVE-2018-20810 | critical | 9.8 | 2% | 2019 |
| CVE-2019-11540 | critical | 9.8 | 8% | 2019 |
| CVE-2018-6320 | critical | 9.8 | 4% | 2018 |
| CVE-2024-10644 | critical | 9.1 | 2% | 2025 |
| CVE-2024-11634 | critical | 9.1 | 2% | 2024 |
| CVE-2024-11633 | critical | 9.1 | 2% | 2024 |
| CVE-2024-39712 | critical | 9.1 | 2% | 2024 |
| CVE-2024-39711 | critical | 9.1 | 2% | 2024 |
| CVE-2024-39710 | critical | 9.1 | 2% | 2024 |
| CVE-2024-38656 | critical | 9.1 | 2% | 2024 |
| CVE-2024-11006 | critical | 9.1 | 2% | 2024 |
| CVE-2024-11005 | critical | 9.1 | 2% | 2024 |
| CVE-2024-11007 | critical | 9.1 | 2% | 2024 |
| CVE-2025-55145 | high | 8.9 | 1% | 2025 |
| CVE-2025-55147 | high | 8.8 | 1% | 2025 |
| CVE-2025-55142 | high | 8.8 | 1% | 2025 |
| CVE-2025-55141 | high | 8.8 | 1% | 2025 |
| CVE-2024-9420 | high | 8.8 | 1% | 2024 |
| CVE-2024-37404 | high | 8.8 | 67% | 2024 |
| CVE-2024-21888 | high | 8.8 | 87% | 2024 |
| CVE-2021-22908 | high | 8.8 | 69% | 2021 |
| CVE-2019-11509 | high | 8.8 | 8% | 2019 |
| CVE-2017-11455 | high | 8.8 | 1% | 2017 |
| CVE-2016-4791 | high | 8.6 | 2% | 2016 |
| CVE-2024-22024 | high | 8.3 | 95% | 2024 |
| CVE-2024-22053 | high | 8.2 | 4% | 2024 |
| CVE-2020-8206 | high | 8.1 | 3% | 2020 |
| CVE-2019-11213 | high | 8.1 | 3% | 2019 |
| CVE-2024-39709 | high | 7.8 | 0% | 2024 |
| CVE-2024-47906 | high | 7.8 | 0% | 2024 |
| CVE-2023-41720 | high | 7.8 | 1% | 2023 |
| CVE-2019-11538 | high | 7.7 | 7% | 2019 |
| CVE-2025-55148 | high | 7.6 | 1% | 2025 |
| CVE-2025-5462 | high | 7.5 | 1% | 2025 |
| CVE-2025-5456 | high | 7.5 | 1% | 2025 |
| CVE-2024-37401 | high | 7.5 | 1% | 2024 |
| CVE-2024-37377 | high | 7.5 | 2% | 2024 |
| CVE-2024-38649 | high | 7.5 | 2% | 2024 |
| CVE-2024-37400 | high | 7.5 | 2% | 2024 |
| CVE-2024-8495 | high | 7.5 | 1% | 2024 |
| CVE-2024-47907 | high | 7.5 | 1% | 2024 |
| CVE-2024-22052 | high | 7.5 | 4% | 2024 |
| CVE-2023-39340 | high | 7.5 | 2% | 2023 |
| CVE-2022-35258 | high | 7.5 | 3% | 2022 |
| CVE-2022-35254 | high | 7.5 | 3% | 2022 |
| CVE-2021-22965 | high | 7.5 | 2% | 2021 |
| CVE-2018-20809 | high | 7.5 | 3% | 2019 |
| CVE-2019-11477 | high | 7.5 | 99% | 2019 |
| CVE-2019-11541 | high | 7.5 | 4% | 2019 |
| CVE-2016-4786 | high | 7.5 | 2% | 2016 |
| CVE-2024-38655 | high | 7.2 | 2% | 2024 |
| CVE-2023-41719 | high | 7.2 | 3% | 2023 |
| CVE-2021-44720 | high | 7.2 | 2% | 2022 |
| CVE-2021-22938 | high | 7.2 | 2% | 2021 |
| CVE-2021-22937 | high | 7.2 | 8% | 2021 |
| CVE-2021-22935 | high | 7.2 | 2% | 2021 |
| CVE-2021-22934 | high | 7.2 | 5% | 2021 |
| CVE-2020-15352 | high | 7.2 | 3% | 2020 |
| CVE-2020-8219 | high | 7.2 | 2% | 2020 |
| CVE-2019-11508 | high | 7.2 | 15% | 2019 |
| CVE-2019-11542 | high | 7.2 | 67% | 2019 |
| CVE-2024-9844 | high | 7.1 | 1% | 2024 |
50 older / lower-severity CVEs not shown — see Ivanti Connect Secure's full record.
Is my Ivanti Connect Secure version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Ivanti Connect Secure vulnerabilities — frequently asked
How many known vulnerabilities does Ivanti Connect Secure have?
IsItPatched tracks 130 CVEs for Ivanti Connect Secure, 14 of which are actively exploited (CISA KEV). 22 are critical-severity and 59 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Ivanti Connect Secure have any actively-exploited vulnerabilities?
Yes — 14 Ivanti Connect Secure CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (8 linked to ransomware). Patch these as a priority.
What is the most severe Ivanti Connect Secure vulnerability?
Among tracked issues, CVE-2021-22893 (CRITICAL, CVSS 10), which is actively exploited, ranks highest — an improper authentication weakness.
Is Ivanti Connect Secure safe to use?
It depends on the version. The latest supported Ivanti Connect Secure release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Always verify against Ivanti's advisories.