Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.apache.logging.log4j:log4j-core

Ecosystem:
maven
Package URL:
pkg:maven/org.apache.logging.log4j:log4j-core
Total PRs:
777 Dependabot PRs
Latest PR:
2 days ago
Unique Repositories:
334 repositories
Unique Repos (30 days):
13 repositories
Security Advisories
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
GHSA-vwqq-5vrc-xw9h CVE-2020-9488 LOW published over 5 years ago • updated about 7 hours ago
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection t...
Remote code injection in Log4j
GHSA-jfh8-c2jp-5v3q CVE-2021-44228 CRITICAL published almost 4 years ago • updated about 3 hours ago
# Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per [Apache's Log4j sec...
Incomplete fix for Apache Log4j vulnerability
GHSA-7rjr-3q55-vv33 CVE-2021-45046 CRITICAL published almost 4 years ago • updated about 5 hours ago
# Impact The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non...
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
GHSA-p6xc-xr62-6r2g CVE-2021-45105 HIGH published almost 4 years ago • updated about 3 hours ago
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This...
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
GHSA-vp98-w2p3-mv35 CVE-2023-26464 HIGH published over 2 years ago • updated about 2 hours ago
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages ...
View all 6 advisories
Recent PRs
RSS Feed
Bump the maven-dependencies group across 1 directory with 38 updates

abbierwolf/AxonFramework #117

2.24.3 → 2.25.2 Minor PR
Open 2 days ago 1 comment
abbierwolf
chore(deps): bump org.apache.logging.log4j:log4j-core from 2.14.1 to 2.17.1

faccenda-org/vulnspringbootapp #37

2.14.1 → 2.17.1 Minor PR
Open 5 days ago 4 comments
faccenda-org
build(deps): bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.2

Lopesnextgen/aether-lunar-launcher #5

2.24.3 → 2.25.2 Minor PR
Closed 6 days ago 1 comment
Lopesnextgen
Bump org.apache.logging.log4j:log4j-core from 2.14.0 to 2.25.2

ankitagavali161/security-ghas-demo #8

2.14.0 → 2.25.2 Minor PR
Open 7 days ago 1 comment
ankitagavali161
chore(deps): Bump the all group across 1 directory with 52 updates

risingwavelabs/risingwave #23829

2.25.1 → 2.25.2 Patch PR
Closed 7 days ago 1 comment
risingwavelabs
Bump the azure-dependencies group in /provider/search-azure with 33 updates

danielscholl-osdu/search #9

2.21.1 → 2.25.2 Minor PR
Open 11 days ago 3 comments
danielscholl-osdu
Bump the logging group with 5 updates

danielscholl-osdu/indexer-queue #4

2.24.3 → 2.25.2 Minor PR
Open 12 days ago 3 comments
danielscholl-osdu
Bump the dev-dependencies group across 1 directory with 22 updates

NASA-PDS/registry-legacy-solr #221

2.24.0 → 2.25.2 Minor PR
Open 15 days ago 2 comments
NASA-PDS
build(deps): bump the dependencies group across 1 directory with 119 updates

froque/jooby #134

2.24.3 → 2.25.2 Minor PR
Closed 15 days ago 1 comment
froque
deps(deps): bump the maven-dependencies group across 1 directory with 61 updates

QRun-IO/qqq #266

2.23.0 → 2.25.2 Minor PR
Closed 15 days ago 1 comment
QRun-IO
Bump the maven-patch-group group across 1 directory with 13 updates

rvesse/jena #193

2.25.0 → 2.25.2 Patch PR
Open 21 days ago 1 comment
rvesse
chore(deps): bump the maven-dependencies group with 19 updates

fast-ish/aws-webapp-infra #102

2.25.1 → 2.25.2 Patch PR
Open 22 days ago 1 comment
fast-ish
chore(deps): bump the maven-dependencies group in /fn/layer/shared with 7 updates

fast-ish/aws-webapp-infra #100

2.25.1 → 2.25.2 Patch PR
Open 22 days ago 1 comment
fast-ish
Bump the dependencies group with 12 updates

Jeff-State-Programming/bytebin #1

2.25.1 → 2.25.2 Patch PR
Open 25 days ago 1 comment
Jeff-State-Programming
Bump the azure-dependencies group across 1 directory with 32 updates

danielscholl-osdu/search #19

2.21.1 → 2.25.2 Minor PR
Open 30 days ago 6 comments
danielscholl-osdu
Bump the core-dependencies group in /search-core with 40 updates

danielscholl-osdu/search #11

2.21.1 → 2.25.2 Minor PR
Open about 1 month ago 1 comment
danielscholl-osdu
Bump the logging group with 5 updates

danielscholl-osdu/indexer-queue #5

2.24.3 → 2.25.2 Minor PR
Open about 1 month ago 4 comments
danielscholl-osdu
chore(deps): bump the maven-dependencies group with 14 updates

fast-ish/aws-webapp-infra #94

2.25.1 → 2.25.2 Patch PR
Closed about 1 month ago 2 comments
fast-ish
chore(deps): Bump the all group across 1 directory with 39 updates

risingwavelabs/risingwave #23587

2.25.1 → 2.25.2 Patch PR
Closed about 1 month ago 1 comment
risingwavelabs
Bump the maven-dependencies group across 1 directory with 33 updates

abbierwolf/AxonFramework #114

2.24.3 → 2.25.2 Minor PR
Open about 1 month ago 2 comments
abbierwolf
gradle: bump the dependency-group group across 1 directory with 13 updates

navikt/sosialhjelp-avtaler-api #347

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
navikt
[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates

jetty/jetty.project #13785

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
jetty
[12.1.x EE11] Bump the dev-dependencies group across 1 directory with 48 updates

jetty/jetty.project #13783

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
jetty
build(deps): bump the gradle-production-dependencies group across 2 directories with 14 updates

dastagiridev-tech/opentelemetry-demo #40

2.25.1 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
dastagiridev-tech
Bump org.apache.logging.log4j:log4j-core from 2.13.0 to 2.25.2

abdullahfouad/vulns2 #1

2.13.0 → 2.25.2 Minor PR
Open about 2 months ago
abdullahfouad
gradle: bump the dependency-group group with 11 updates

navikt/sosialhjelp-avtaler-api #346

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 2 comments
navikt
[12.0.x EE10] Bump the dev-dependencies group across 1 directory with 37 updates

jetty/jetty.project #13765

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
jetty
gradle: bump the patch group with 10 updates

navikt/sosialhjelp-avtaler-api #344

2.25.0 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
navikt
Bump the build-dependencies group across 1 directory with 55 updates

kchobantonov/hibernate-search #265

2.24.3 → 2.25.2 Minor PR
Closed about 2 months ago 2 comments
kchobantonov
Bump the upstream-libs group across 1 directory with 11 updates

usethesource/rascal-language-servers #819

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago 1 comment
usethesource
build(deps): bump the gradle-production-dependencies group across 2 directories with 14 updates

AcheampongStephen/OpenTelemetry #41

2.25.1 → 2.25.2 Patch PR
Open about 2 months ago
AcheampongStephen
Bump the build-dependencies group across 1 directory with 54 updates

kchobantonov/hibernate-search #263

2.24.3 → 2.25.2 Minor PR
Open about 2 months ago 1 comment
kchobantonov
build(deps): bump the gradle-production-dependencies group across 2 directories with 9 updates

AcheampongStephen/OpenTelemetry #38

2.25.1 → 2.25.2 Patch PR
Open about 2 months ago
AcheampongStephen
Bump the gradle-all group across 1 directory with 39 updates

ambarishvrao/opensearch-migrations-public #9

2.25.1 → 2.25.2 Patch PR
Closed about 2 months ago 1 comment
ambarishvrao
[4.1] Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

hibernate/hibernate-reactive #2601

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago
hibernate
[2.4] Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

hibernate/hibernate-reactive #2592

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago
hibernate
Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

DavideD/hibernate-reactive #134

2.25.1 → 2.25.2 Patch PR
Open about 2 months ago
DavideD
Bump the patches group across 1 directory with 9 updates

National-Digital-Twin/fuseki-yaml-config #21

2.24.3 → 2.25.2 Minor PR
Open about 2 months ago
National-Digital-Twin
build(deps): bump the dependencies group across 1 directory with 109 updates

froque/jooby #127

2.24.3 → 2.25.2 Minor PR
Open about 2 months ago
froque
deps(deps): bump the maven-dependencies group with 61 updates

QRun-IO/qqq #250

2.23.0 → 2.25.2 Minor PR
Closed about 2 months ago 1 comment
QRun-IO
chore(deps): bump the patches group across 1 directory with 20 updates

National-Digital-Twin/rdf-abac #26

2.24.3 → 2.25.2 Minor PR
Open about 2 months ago 2 comments
National-Digital-Twin
Bump the dependencies group across 1 directory with 15 updates

skodjob/data-generator #76

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago
skodjob
Bump the general-dependencies group across 1 directory with 6 updates

streamshub/flink-sql #117

2.25.1 → 2.25.2 Patch PR
Open about 2 months ago
streamshub
Bump the dependencies group across 1 directory with 15 updates

scalar-labs/scalardl #282

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago 3 comments
scalar-labs
Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

NASA-PDS/registry-common #178

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago 1 comment
NASA-PDS
Bump the patches group across 1 directory with 10 updates

telicent-oss/fuseki-yaml-config #58

2.25.1 → 2.25.2 Patch PR
Open about 2 months ago
telicent-oss
Bump the maven-dependencies group across 1 directory with 18 updates

AxonIQ/axonserver-connector-java #444

2.24.3 → 2.25.2 Minor PR
Merged about 2 months ago 1 comment
AxonIQ
Bump org.apache.logging.log4j:log4j-core from 2.25.1 to 2.25.2

mtarek6/first-test-automation-framework #5

2.25.1 → 2.25.2 Patch PR
Merged about 2 months ago
mtarek6
chore(deps-dev): bump org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

sventorben/keycloak-home-idp-discovery #586

2.25.0 → 2.25.2 Patch PR
Merged about 2 months ago
sventorben
build(deps): bump the gradle group with 59 updates

ricekot/zap-extensions #6

2.24.2 → 2.25.2 Minor PR
Open about 2 months ago
ricekot
Package Details
Name: org.apache.logging.log4j:log4j-core
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.apache.logging.log4j:log4j-core
JSON API: View JSON
Security Advisories

6

Active advisories
CRITICAL 2
HIGH 2
MODERATE 1
LOW 1
View All maven Advisories
Package Information
Description:

The Apache Log4j Implementation

Repository: https://github.com/apache/logging-log4j2
Homepage: https://logging.apache.org/log4j/3.x/
Latest Release: 2.24.3
12 months ago
Dependent Repos: 82,953
Dependent Packages: 8,839
Ranking: Top 0.0126% by dependent repos Top 0.0068% by dependent pkgs
PR Status
Open 391 (50.3%)
Merged 214 (27.5%)
Closed 166 (21.4%)
PR Types
Minor 431 (55.5%)
Major 1 (0.1%)
Patch 320 (41.2%)