Kotlin vulnerabilities: known CVEs & security history

JetBrains · Language / Runtime · 6 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Kotlin release lines — 6 in total. A CVE here doesn't mean your version is affected — check Kotlin's current status and the safe version to run.

known CVEs

actively exploited (KEV)

critical severity

ransomware-linked

Known Kotlin CVEs

Actively-exploited and most-severe first. Open any CVE for full details.

CVE	Severity	CVSS	EPSS	Year
CVE-2020-15824	high	8.8	2%	2020
CVE-2019-10103	high	8.1	1%	2019
CVE-2019-10102	high	8.1	1%	2019
CVE-2019-10101	high	8.1	2%	2019
CVE-2022-24329	medium	5.3	2%	2022
CVE-2020-29582	medium	5.3	3%	2021

Is my Kotlin version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Kotlin version → · Monitor Kotlin for new CVEs →

Kotlin vulnerabilities — frequently asked

How many known vulnerabilities does Kotlin have?

IsItPatched tracks 6 CVEs for Kotlin. 0 are critical-severity and 4 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Kotlin have any actively-exploited vulnerabilities?

None of Kotlin's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe Kotlin vulnerability?

Among tracked issues, CVE-2020-15824 (HIGH, CVSS 8.8) ranks highest — a Improper privilege management weakness.

Is Kotlin safe to use?

It depends on the version. The latest supported Kotlin release (2.4.0) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Kotlin security status · Kotlin end-of-life · actively-exploited CVEs. Always verify against JetBrains's advisories — see our disclaimer.