Org.apache.logging.log4j:log4j
This hub aggregates every CVE we track for Org.apache.logging.log4j:log4j, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 2
- Critical: 1
- High: 0
- In CISA KEV: 0
Severity distribution
- LOW: 1
- CRITICAL: 1
Monthly trend (2024-07 to 2026-06): 0 in every month.
Latest CVEs
The 2 most recently published vulnerabilities affecting Org.apache.logging.log4j:log4j.
- CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me... Score: 3.7
- CVE-2017-5645: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent tha... Score: 9.8
Product normalization is registry-driven with AI assist and human review.