Security context
What an agent needs to avoid regressing past fixes — and find the next bug in this project.
Log4j
apache/logging-log4j2 The Java logging library behind Log4Shell.
Maven · org.apache.logging.log4j:log4j-core
11
Advisories
11
CVEs
Critical
Peak severity
8
With fix diff
Distribution
By severity
Critical
3
High
2
Medium
5
Low
1
By weakness class
Other
4
Improper Validation
3
Deserialization
2
Improper Encoding
1
Denial of Service
1
Every fixed vulnerability (11)
Critical3 fixed
High2 fixed
Medium5 fixed
MediumApache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden charactersCVE-2026-344803mo agoMediumApache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibilityCVE-2026-344783mo agoMediumApache Log4j Core: `verifyHostName` attribute silently ignored in TLS configurationCVE-2026-344773mo agoMediumApache Log4j does not verify the TLS hostname in its Socket AppenderCVE-2025-681617mo agoMediumImproper Input Validation and Injection in Apache Log4j2CVE-2021-448324y ago