Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.logging.log4j/log4j@2.0-alpha1
purl pkg:maven/org.apache.logging.log4j/log4j@2.0-alpha1
Next non-vulnerable version 2.12.3
Latest non-vulnerable version 2.17.0
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-bbq3-tx7c-yucn
Aliases:
CVE-2022-23307
GHSA-f7vh-qwp3-x37m
This advisory has been marked as False Positive and removed.
2.0
Affected by 4 other vulnerabilities.
VCID-mz9r-j78c-dfe3
Aliases:
CVE-2020-9488
GHSA-vwqq-5vrc-xw9h
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
2.3.2
Affected by 2 other vulnerabilities.
2.12.3
Affected by 0 other vulnerabilities.
2.13.2
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zbwq-f71w-jqhy Deserialization of Untrusted Data in Log4j Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up to 1.2.17. Users are advised to migrate to `org.apache.logging.log4j:log4j-core`. CVE-2019-17571
GHSA-2qrg-x229-3v8q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:37:45.832774+00:00 GitLab Importer Affected by VCID-bbq3-tx7c-yucn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml 38.4.0
2026-04-16T21:02:51.186535+00:00 GitLab Importer Affected by VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.4.0
2026-04-11T22:52:01.639249+00:00 GitLab Importer Affected by VCID-bbq3-tx7c-yucn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml 38.3.0
2026-04-11T22:14:14.032593+00:00 GitLab Importer Affected by VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.3.0
2026-04-02T23:01:26.679034+00:00 GitLab Importer Affected by VCID-bbq3-tx7c-yucn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml 38.1.0
2026-04-02T22:26:34.994908+00:00 GitLab Importer Affected by VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.1.0
2026-04-02T12:36:16.532833+00:00 GitLab Importer Fixing VCID-zbwq-f71w-jqhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2019-17571.yml 38.0.0
2026-04-01T17:20:17.867400+00:00 GitLab Importer Affected by VCID-bbq3-tx7c-yucn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml 38.0.0
2026-04-01T16:44:30.545559+00:00 GitLab Importer Affected by VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.0.0