Known Vulnerabilities for Apache Log4j API by Apache Software Foundation
Listed below are 7 of the newest known vulnerabilities associated with "Apache Log4j API" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49844 json | Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces outpu... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2022-23307 json | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a c... | Not Provided | 2022-01-18 | 2026-05-22 |
| CVE-2022-23305 json | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inser... | Not Provided | 2022-01-18 | 2026-05-27 |
| CVE-2022-23302 json | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to... | Not Provided | 2022-01-18 | 2026-05-22 |
| CVE-2021-45105 json | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion fro... | Not Provided | 2021-12-18 | 2026-05-29 |
| CVE-2021-4104 json | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j c... | Not Provided | 2021-12-14 | 2026-05-28 |
| CVE-2020-9488 json | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to ... | Not Provided | 2020-04-27 | 2026-05-29 |