Launch Week Day 1: Announcing Security Design Review
Start for Free
maven

org.apache.logging.log4j:log4j-core

View on maven registry
11 Total advisories
11 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 6.6
Maven

CVE-2021-44832

Improper Input Validation and Injection in Apache Log4j2
LOW 3.7
Maven

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
HIGH 8.6
Maven

CVE-2021-45105

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
UNKNOWN
Maven

CVE-2026-34478

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
UNKNOWN
Maven

CVE-2026-34477

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
UNKNOWN
Maven

CVE-2026-34480

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
UNKNOWN
Maven

CVE-2025-68161

Apache Log4j does not verify the TLS hostname in its Socket Appender
CRITICAL 9.0
Maven KEV

CVE-2021-45046

Incomplete fix for Apache Log4j vulnerability
CRITICAL 10.0
Maven KEV

CVE-2021-44228

Remote code injection in Log4j
HIGH 7.5
Maven

CVE-2023-26464

Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
CRITICAL 9.8
Maven

CVE-2017-5645

Deserialization of Untrusted Data in Log4j

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes