See the full list of npm packages compromised in the "SHA1-Hulud npm supply chain incident – Nov 2025" [View compromised packages].
Find out if you have vulnerabilities that put you at risk
Test your applicationsAPPLICATION
OPERATING SYSTEM
| VULNERABILITY | AFFECTS | TYPE | PUBLISHED |
|---|---|---|---|
| apache-log4j2<2.15.0-1~deb11u1 | debian:11 | 10 Dec 2021 |
| org.apache.logging.log4j:log4j-api[,0] | Maven | 10 Dec 2021 |
| org.apache.logging.log4j:log4j-core[2.0-beta9,2.3.1)[2.4,2.12.2)[2.13.0,2.15.0) | Maven | 10 Dec 2021 |
| log4j-jars>=2.0.0rc1, <2.15.0 | RubyGems | 10 Dec 2021 |