Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.apache.logging.log4j:log4j-core

Ecosystem:
maven
Package URL:
pkg:maven/org.apache.logging.log4j:log4j-core
Total PRs:
1,110 Dependabot PRs
Latest PR:
4 days ago
Unique Repositories:
555 repositories
Unique Repos (30 days):
20 repositories
Security Advisories
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
GHSA-445c-vh5m-36rj CVE-2026-34478 MODERATE published about 2 months ago • updated 3 days ago
Apache Log4j Core's [`Rfc5424Layout`](https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout), in versions 2.21.0 through 2.25.3, i...
Apache Log4j does not verify the TLS hostname in its Socket Appender
GHSA-vc5p-v9hr-52mj CVE-2025-68161 MODERATE published 6 months ago • updated 5 days ago
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
GHSA-p6xc-xr62-6r2g CVE-2021-45105 HIGH published over 4 years ago • updated 2 days ago
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This...
Improper Input Validation and Injection in Apache Log4j2
GHSA-8489-44mv-ggj8 CVE-2021-44832 MODERATE published over 4 years ago • updated 2 days ago
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker wi...
Incomplete fix for Apache Log4j vulnerability
GHSA-7rjr-3q55-vv33 CVE-2021-45046 CRITICAL published over 4 years ago • updated 2 days ago
# Impact The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non...
View all 10 advisories
Recent PRs
RSS Feed
Bump org.apache.logging.log4j:log4j-core from 2.25.2 to 2.25.4

IGE-122979/DiscoveriesBattleshipGame #8

2.25.2 → 2.25.4 Patch PR
Open 4 days ago 1 comment
IGE-122979
Bump the production-dependencies group across 1 directory with 21 updates

nitrite/nitrite-java #1241

2.25.4 → 2.26.0 Minor PR
Open 9 days ago 1 comment
nitrite
bump(deps): Bump org.apache.logging.log4j:log4j-core from 2.14.1 to 2.26.0

jcequispe/demo-utilities-jakarta #7

2.14.1 → 2.26.0 Minor PR
Open 9 days ago 1 comment
jcequispe
Bump the gradle group across 1 directory with 19 updates

smithy-lang/smithy-java #1204

2.25.4 → 2.26.0 Minor PR
Closed 12 days ago 1 comment
smithy-lang
chore(deps): bump the maven-production group across 1 directory with 16 updates

DrakesCraft-Labs/drakes-slimefun-labs #32

2.25.4 → 2.26.0 Minor PR
Open 14 days ago 2 comments
DrakesCraft-Labs
build(deps): bump the bag-of-cats group across 1 directory with 28 updates

steffenaxer/matsim-libs #74

2.25.4 → 2.26.0 Minor PR
Closed 15 days ago 1 comment
steffenaxer
Bump the maven group across 8 directories with 10 updates

vicaya/pulsar #9

2.10.0 → 2.25.4 Minor PR
Closed 16 days ago 1 comment
vicaya
Bump the maven group across 7 directories with 16 updates

vishakha-mali/dubbo #7

2.24.3 → 2.25.4 Minor PR
Closed 16 days ago 1 comment
vishakha-mali
Bump the all-maven-deps group across 2 directories with 21 updates

craftercms/craftercms #8686

2.25.4 → 2.26.0 Minor PR
Closed 16 days ago 1 comment
craftercms
chore(deps): bump the maven-minor-patch group with 165 updates

open-metadata/OpenMetadata #28193

2.25.4 → 2.26.0 Minor PR
Open 19 days ago 1 comment
open-metadata
Bump org.apache.logging.log4j:log4j-core from 2.16.0 to 2.25.4

yogeshshah-1/distributed_crawler_scheduler #2

2.16.0 → 2.25.4 Minor PR
Closed 19 days ago 1 comment
yogeshshah-1
Bump the maven-security-updates group across 1 directory with 5 updates

rblument/DpTuApp #178

2.25.4 → 2.26.0 Minor PR
Closed 20 days ago 2 comments
rblument
[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 8 updates

jetty/jetty.project #15079

2.25.4 → 2.26.0 Minor PR
Open 21 days ago 1 comment
jetty
Bump the gradle group with 15 updates

smithy-lang/smithy-java #1175

2.25.4 → 2.26.0 Minor PR
Closed 22 days ago 4 comments
smithy-lang
Bump the all-maven-deps group across 2 directories with 19 updates

craftercms/craftercms #8675

2.25.4 → 2.26.0 Minor PR
Closed 22 days ago 1 comment
craftercms
[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 7 updates

jetty/jetty.project #15065

2.25.4 → 2.26.0 Minor PR
Closed 23 days ago 1 comment
jetty
Bump org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

conorheffron/shoppingcart-java #136

2.25.4 → 2.26.0 Minor PR
Closed 24 days ago 2 comments
conorheffron
chore(deps): bump the gradle-dependencies group across 1 directory with 11 updates

AllayMC/Allay #881

2.25.4 → 2.26.0 Minor PR
Open 26 days ago 1 comment
AllayMC
build(deps): bump the safe-updates group across 1 directory with 4 updates

TiJaWo68/LogSyncPro #18

2.25.4 → 2.26.0 Minor PR
Closed 26 days ago 1 comment
TiJaWo68
[12.0.x EE10] Bump the dev-dependencies group across 1 directory with 16 updates

jetty/jetty.project #15029

2.25.4 → 2.26.0 Minor PR
Open 27 days ago 2 comments
jetty
[12.0.x Root pom] Bump the dev-dependencies group across 1 directory with 17 updates

jetty/jetty.project #15027

2.25.4 → 2.26.0 Minor PR
Open 27 days ago 2 comments
jetty
chore(deps-dev): bump org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

sventorben/keycloak-home-idp-discovery #640

2.25.4 → 2.26.0 Minor PR
Closed 27 days ago 1 comment
sventorben
Bump org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Abdelrhman-Ellithy/Ellithium #338

2.25.4 → 2.26.0 Minor PR
Open 27 days ago 1 comment
Abdelrhman-Ellithy
chore(deps): Bump the maven group across 2 directories with 7 updates

saytyarnorngloreia/risingwave #7

2.24.3 → 2.25.4 Minor PR
Closed 28 days ago 1 comment
saytyarnorngloreia
Bump the all group across 2 directories with 24 updates

apache/logging-log4j-samples #396

2.25.2 → 2.25.4 Patch PR
Closed about 1 month ago 1 comment
apache
Bump the all group across 1 directory with 19 updates

arturobernalg/httpcomponents-client #17

2.25.3 → 2.25.4 Patch PR
Closed about 1 month ago 1 comment
arturobernalg
chore(deps): Bump the all group across 1 directory with 55 updates

risingwavelabs/risingwave #25530

2.25.3 → 2.25.4 Patch PR
Closed about 1 month ago 1 comment
risingwavelabs
Bump the maven group across 18 directories with 24 updates

abrahem79/glowroot #5

2.12.0 → 2.25.4 Minor PR
Open about 1 month ago 2 comments
abrahem79
Bump the maven group across 11 directories with 16 updates

GizzZmo/dubbo #4

2.20.0 → 2.25.4 Minor PR
Closed about 1 month ago 1 comment
GizzZmo
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /javamelody-test-webapp

javamelody/javamelody #1296

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 2 comments
javamelody
chore(deps): Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /presto-pinot-toolkit

prestodb/presto #27580

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
prestodb
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /Persistence/org.egovframe.rte.psl.reactive.cassandra

eGovFramework/egovframe-runtime #213

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
eGovFramework
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /javamelody-swing

javamelody/javamelody #1295

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 2 comments
javamelody
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /distribution/examples/extending-membrane/embedding-java

membrane/api-gateway #2916

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
membrane
Bump the maven group across 14 directories with 3 updates

henning-gerhardt/kitodo-production #224

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
henning-gerhardt
chore(deps): bump the maven group across 2 directories with 2 updates

mihkels/open-messaging-benchmark #8

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
mihkels
chore(deps): bump the maven group across 8 directories with 2 updates

Talend/component-runtime #1200

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
Talend
build(deps): bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.4

lzaoral/JCProfilerNext #139

2.24.3 → 2.25.4 Minor PR
Open about 2 months ago 3 comments
lzaoral
Bump the maven group across 12 directories with 10 updates

AKJUS/YCSB #59

2.7 → 2.25.4
Open about 2 months ago 1 comment
AKJUS
chore(deps): bump the gradle-dependencies group across 1 directory with 8 updates

AllayMC/Allay #871

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
AllayMC
chore(deps): Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /presto-pinot

prestodb/presto #27564

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 3 comments
prestodb
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4

beehive-lab/TornadoVM #827

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
beehive-lab
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /custom_model_runner/datarobot_drum/drum/language_predictors/java_predictor/py4j_entrypoint

datarobot/datarobot-user-models #2040

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 1 comment
datarobot
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4

Relucent/yyl-base-lib #25

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
Relucent
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4

membrane/api-gateway #2909

2.25.3 → 2.25.4 Patch PR
Open about 2 months ago 2 comments
membrane
chore(deps): bump the maven group across 9 directories with 3 updates

Talend/component-runtime #1199

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
Talend
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /Persistence/org.egovframe.rte.psl.reactive.mongodb

eGovFramework/egovframe-runtime #208

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
eGovFramework
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in the maven group across 1 directory

kothar/compactlist #12

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 2 comments
kothar
Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4

AxonFramework/extension-tracing #529

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
AxonFramework
Bump the maven group across 14 directories with 2 updates

henning-gerhardt/kitodo-production #222

2.25.3 → 2.25.4 Patch PR
Closed about 2 months ago 1 comment
henning-gerhardt
Package Details
Name: org.apache.logging.log4j:log4j-core
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.apache.logging.log4j:log4j-core
JSON API: View JSON
Security Advisories

10

Active advisories
CRITICAL 2
HIGH 2
MODERATE 5
LOW 1
View All maven Advisories
Package Information
Description:

The Apache Log4j Implementation

Repository: https://github.com/apache/logging-log4j2
Homepage: https://logging.apache.org/log4j/3.x/
Latest Release: 2.24.3
over 1 year ago
Dependent Repos: 82,953
Dependent Packages: 8,839
Ranking: Top 0.0126% by dependent repos Top 0.0068% by dependent pkgs
PR Status
Open 532 (47.9%)
Merged 214 (19.3%)
Closed 358 (32.3%)
PR Types
Major 1 (0.1%)
Minor 628 (56.6%)
Patch 446 (40.2%)