| Bug | Description |
|---|
| CVE-2026-34481 | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2. ... |
| CVE-2026-34479 | The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to ... |
| CVE-2026-34478 | Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2. ... |
| CVE-2023-26464 | ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppe ... |
| CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in A ... |
| CVE-2022-23305 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ... |
| CVE-2022-23302 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ... |
| CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ... |
| CVE-2021-4104 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ... |
| CVE-2019-17571 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ... |