org.apache.logging.log4j:log4j-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-34478Mediumorg.apache.logging.log4j:log4j-core: Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibilityCVE-2026-34480Mediumorg.apache.logging.log4j:log4j-core: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden charactersCVE-2026-34477Mediumorg.apache.logging.log4j:log4j-core: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configurationCVE-2025-68161Mediumorg.apache.logging.log4j:log4j-core: Apache Log4j does not verify the TLS hostname in its Socket AppenderCVE-2023-26464Highorg.apache.logging.log4j:log4j-core: Apache Log4j 1.x (EOL) allows Denial of Service (DoS)CVE-2021-44832Mediumorg.apache.logging.log4j:log4j-core: Improper Input Validation and Injection in Apache Log4j2CVE-2021-45105Highorg.apache.logging.log4j:log4j-core: Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled RecursionCVE-2021-45046Criticalorg.apache.logging.log4j:log4j-core: Incomplete fix for Apache Log4j vulnerabilityCVE-2021-44228Criticalorg.apache.logging.log4j:log4j-core: Remote code injection in Log4jCVE-2020-9488Loworg.apache.logging.log4j:log4j: Improper validation of certificate with host mismatch in Apache Log4j SMTP appenderCVE-2017-5645Criticalorg.apache.logging.log4j:log4j: Deserialization of Untrusted Data in Log4j

Stop the waste.
Protect your environment with Kodem.