FLAT-OOXWR (CVE-2026-34481)
OS Command Injection In org.apache.logging.log4j:log4j-layout-template-json
1.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-layout-template-json
FLAT-K2XEU (CVE-2026-34479)
Lack of data validation In org.apache.logging.log4j:log4j-1.2-api
2.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-1.2-api
FLAT-0OGPM (CVE-2026-34477)
Insecure digital certificates In org.apache.logging.log4j:log4j-core
1.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-core
FLAT-LNH2E (CVE-2026-34478)
Log injection In org.apache.logging.log4j:log4j-core
2.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-core
FLAT-KQ3BH (CVE-2026-34480)
OS Command Injection In org.apache.logging.log4j:log4j-core
2.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-core
FLAT-CO1AU (DLA-4444-1)
Sensitive information stored in logs In apache-log4j2
1.0
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-WZEWZ (CVE-2025-68161)
Insecure digital certificates In org.apache.logging.log4j:log4j-core
1.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-core
FLAT-LZGIM (MAL-2025-25523)
Use of software with malware In log4js-vue-log-bus
5.2
Medium
Ecosystem: Npm
Package: log4js-vue-log-bus
FLAT-9LYVT (CVE-2025-22232)
Authentication mechanism absence or evasion In log4j
1.7
Low
Ecosystem: RPM
Package: log4j
FLAT-ST0NK (CVE-2023-26464)
Asymmetric denial of service In log4j:log4j
6.6
Medium
Ecosystem: Maven
Package: log4j:log4j
FLAT-RI61W (DLA-3229-1)
Lack of data validation - Path Traversal In node-log4js
1.3
Low
Ecosystem: Debian
Package: node-log4js
FLAT-TMQFD (DLA-2905-1)
Lack of data validation - Path Traversal In apache-log4j1.2
2.7
Low
Ecosystem: Debian
Package: apache-log4j1.2
FLAT-DDFQ7 (CVE-2022-23302)
Insecure deserialization In log4j:log4j
6.3
Medium
Ecosystem: Maven
Package: log4j:log4j
FLAT-KOI5J (CVE-2022-23305)
SQL injection - Code In org.zenframework.z8.dependencies.commons:log4j-1.2.17
8.1
High
Ecosystem: Maven
Package: org.zenframework.z8.dependencies.commons:log4j-1.2.17
FLAT-FDNAX (CVE-2022-21704)
Insecure service configuration In log4js
4.3
Medium
Ecosystem: Npm
Package: log4js
FLAT-UT67P (CVE-2022-23307)
Insecure deserialization In org.zenframework.z8.dependencies.commons:log4j-1.2.17
6.3
Medium
Ecosystem: Maven
Package: org.zenframework.z8.dependencies.commons:log4j-1.2.17
FLAT-G6I0Y (CVE-2021-44832)
Lack of data validation In org.ops4j.pax.logging:pax-logging-log4j2
4.8
Medium
Ecosystem: Maven
Package: org.ops4j.pax.logging:pax-logging-log4j2
FLAT-52J4O (DLA-2870-1)
Lack of data validation - Path Traversal In apache-log4j2
1.3
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-8HM18 (DLA-2852-1)
Lack of data validation - Path Traversal In apache-log4j2
2.7
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-HW520 (CVE-2021-45105)
Lack of data validation In org.apache.logging.log4j:log4j-core
7.7
High
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j-core
FLAT-2IIT4 (DSA-5024-1)
Lack of data validation - Path Traversal In apache-log4j2
1.3
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-3IFFP (DSA-5022-1)
Lack of data validation - Path Traversal In apache-log4j2
0.6
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-LJHB1 (CVE-2021-4104)
Insecure deserialization In org.zenframework.z8.dependencies.commons:log4j-1.2.17
5.2
Medium
Ecosystem: Maven
Package: org.zenframework.z8.dependencies.commons:log4j-1.2.17
FLAT-L0U75 (CVE-2021-45046)
Insecure deserialization In apache-log4j2
8.4
High
Ecosystem: Debian
Package: apache-log4j2
FLAT-T2NGM (DLA-2842-1)
Lack of data validation - Path Traversal In apache-log4j2
2.7
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-9P2TY (DSA-5020-1)
Lack of data validation - Path Traversal In apache-log4j2
1.3
Low
Ecosystem: Debian
Package: apache-log4j2
FLAT-25GHO (GHSA-xxfh-x98p-j8fr)
Server side template injection In org.ops4j.pax.logging:pax-logging-log4j2
2.7
Low
Ecosystem: Maven
Package: org.ops4j.pax.logging:pax-logging-log4j2
FLAT-QC9P8 (CVE-2021-44228)
Remote command execution In apache-log4j2
9.1
Critical
Ecosystem: Debian
Package: apache-log4j2
FLAT-AV823 (CVE-2020-9488)
Insecure digital certificates In org.apache.logging.log4j:log4j
1.7
Low
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j
FLAT-LDNOX (DSA-4686-1)
Lack of data validation - Path Traversal In apache-log4j1.2
1.3
Low
Ecosystem: Debian
Package: apache-log4j1.2
FLAT-N70MJ (DLA-2065-1)
Lack of data validation - Path Traversal In apache-log4j1.2
2.7
Low
Ecosystem: Debian
Package: apache-log4j1.2
FLAT-S1J8B (CVE-2019-17571)
Insecure deserialization In org.zenframework.z8.dependencies.commons:log4j-1.2.17
8.1
High
Ecosystem: Maven
Package: org.zenframework.z8.dependencies.commons:log4j-1.2.17
FLAT-BZGEG (CVE-2017-5645)
Insecure deserialization In org.apache.logging.log4j:log4j
8.1
High
Ecosystem: Maven
Package: org.apache.logging.log4j:log4j