Known Vulnerabilities for Log4j by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Log4j" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49844 json | Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces outpu... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-34481 json | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to ... | Not Provided | 2026-04-10 | 2026-07-11 |
| CVE-2026-34480 json | Not Provided | 2026-04-10 | 2026-04-24 | |
| CVE-2026-34479 json | Not Provided | 2026-04-10 | 2026-05-06 | |
| CVE-2026-34478 json | Not Provided | 2026-04-10 | 2026-04-24 | |
| CVE-2026-34477 json | Not Provided | 2026-04-10 | 2026-05-06 | |
| CVE-2023-26464 json | ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an... | 7.5 - HIGH | 2023-03-10 | 2023-05-05 |
| CVE-2022-33915 json | Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race co... | 7 - HIGH | 2022-06-17 | 2022-07-05 |
| CVE-2022-23307 json | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a c... | 7 - HIGH | 2022-01-18 | 2026-05-22 |
| CVE-2022-23305 json | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inser... | 7 - HIGH | 2022-01-18 | 2026-05-27 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Log4j | 2.9.1 | |||
| Application | Apache | Log4j | 2.9.0 | |||
| Application | Apache | Log4j | 2.9.0 | |||
| Application | Apache | Log4j | 2.8.2 | |||
| Application | Apache | Log4j | 2.8.2 | |||
| Application | Apache | Log4j | 2.8.1 | |||
| Application | Apache | Log4j | 2.8.1 | |||
| Application | Apache | Log4j | 2.8.1 | |||
| Application | Apache | Log4j | 2.8 | |||
| Application | Apache | Log4j | 2.8 | |||
| Application | Apache | Log4j | 2.8 | |||
| Application | Apache | Log4j | 2.7 | |||
| Application | Apache | Log4j | 2.7 | |||
| Application | Apache | Log4j | 2.7 | |||
| Application | Apache | Log4j | 2.7 | |||
| Application | Apache | Log4j | 2.6.2 | |||
| Application | Apache | Log4j | 2.6.2 | |||
| Application | Apache | Log4j | 2.6.2 | |||
| Application | Apache | Log4j | 2.6.1 | |||
| Application | Apache | Log4j | 2.6.1 |