Apache log4j
This hub aggregates every CVE we track for Apache log4j, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
4
CVEs tracked
2
Critical
1
High
1
In CISA KEV
Severity distribution
CRITICAL2LOW1HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 4 most recently published vulnerabilities affecting Apache log4j.
- CVE-2023-26464Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender7.5
- CVE-2021-45046Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attackKEV9.0
- CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me...3.7
- CVE-2017-5645In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent tha...9.8
Product normalization is registry-driven with AI assist and human review. How it works