Synced 17 Jun 2026 22:27 UTC Account
← JFrog Artifactory

JFrog Artifactory vulnerabilities: known CVEs & security history

JFrog · Developer Tools · 32 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all JFrog Artifactory release lines — 32 in total. A CVE here doesn't mean your version is affected — check JFrog Artifactory's current status and the safe version to run.

32
known CVEs
0
actively exploited (KEV)
6
critical severity
0
ransomware-linked

Known JFrog Artifactory CVEs

Actively-exploited and most-severe first. Open any CVE for full details.

CVESeverityCVSSEPSSYear
CVE-2019-17444 critical 9.8 69% 2020
CVE-2018-19971 critical 9.8 3% 2019
CVE-2019-9733 critical 9.8 54% 2019
CVE-2016-10036 critical 9.8 26% 2018
CVE-2016-6501 critical 9.8 4% 2016
CVE-2023-42662 critical 9.3 0% 2024
CVE-2024-2247 high 8.8 1% 2024
CVE-2022-0573 high 8.8 2% 2022
CVE-2021-3860 high 8.8 1% 2021
CVE-2020-7931 high 8.8 5% 2020
CVE-2018-1000206 high 8.8 1% 2018
CVE-2018-1000424 high 7.8 0% 2019
CVE-2020-2165 high 7.5 1% 2020
CVE-2023-42661 high 7.2 1% 2024
CVE-2019-19937 high 7.2 1% 2020
CVE-2018-1000623 high 7.2 3% 2018
CVE-2023-42509 medium 6.6 0% 2024
CVE-2023-42508 medium 6.5 0% 2023
CVE-2020-2164 medium 6.5 1% 2020
CVE-2019-10324 medium 6.5 1% 2019
CVE-2021-45721 medium 6.1 0% 2022
CVE-2021-45730 medium 6 0% 2022
CVE-2022-0668 medium 5.3 1% 2023
CVE-2021-41834 medium 5.3 1% 2022
CVE-2021-46687 medium 4.9 1% 2022
CVE-2024-3505 medium 4.3 0% 2024
CVE-2021-45074 medium 4.3 1% 2022
CVE-2019-10323 medium 4.3 2% 2019
CVE-2019-10322 medium 4.3 2% 2019
CVE-2019-10321 medium 4.3 1% 2019
CVE-2021-23163 low 3.1 0% 2022
CVE-2021-46270 low 2.7 1% 2022

Is my JFrog Artifactory version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your JFrog Artifactory version → · Monitor JFrog Artifactory for new CVEs →

JFrog Artifactory vulnerabilities — frequently asked

How many known vulnerabilities does JFrog Artifactory have?

IsItPatched tracks 32 CVEs for JFrog Artifactory. 6 are critical-severity and 10 high-severity. These span every release line — what matters is whether the version you run is affected.

Does JFrog Artifactory have any actively-exploited vulnerabilities?

None of JFrog Artifactory's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe JFrog Artifactory vulnerability?

Among tracked issues, CVE-2019-17444 (CRITICAL, CVSS 9.8) ranks highest — a CWE-521 weakness.

Is JFrog Artifactory safe to use?

It depends on the version. The latest supported JFrog Artifactory release (7.146.12) clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: JFrog Artifactory security status · JFrog Artifactory end-of-life · actively-exploited CVEs. Always verify against JFrog's advisories — see our disclaimer.