GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Moderate
CVE-2026-34481 was published for org.apache.logging.log4j:log4j-layout-template-json (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34479 was published for org.apache.logging.log4j:log4j-1.2-api (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration Moderate
CVE-2026-34477 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility Moderate
CVE-2026-34478 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Moderate
CVE-2026-34480 was published for org.apache.logging.log4j:log4j-core (Maven) Apr 10, 2026
Credited to ppkarwasz
Apache Log4j does not verify the TLS hostname in its Socket Appender Moderate
CVE-2025-68161 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2025
Credited to ppkarwasz
Improper Input Validation and Injection in Apache Log4j2 Moderate
CVE-2021-44832 was published for org.apache.logging.log4j:log4j-core (Maven) Jan 4, 2022
Credited to ppkarwasz
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion High
CVE-2021-45105 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 18, 2021
Credited to chrisbloom7, levinebw, and ppkarwasz
Incomplete fix for Apache Log4j vulnerability Critical
CVE-2021-45046 was published for org.apache.logging.log4j:log4j-core (Maven) Dec 14, 2021
Credited to mrjonstrong, afdesk, and ppkarwasz
Remote code injection in Log4j Critical
CVE-2021-44228 was published for com.guicedee.services:log4j-core (Maven) Dec 10, 2021
Credited to ppkarwasz