Every CVE whose affected-product data names Runatlantis Atlantis, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-52009 — CVSS 9.8 (critical): Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub…
CVE-2022-24912 — CVSS 7.5 (high): The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event…
CVE-2025-58445 — CVSS 7.5 (high): Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly…