A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io/packages/pkg:maven/log4j/log4j@1.2.8?search=maven/log4j
Reports https://public.vulnerablecode.io/packages/pkg%3Amaven/log4j/log4j%402.17.0?search=pkg:maven/log4j/log4j@2.17.0 as the latest non vulnerable version of log4j. But this is a ghost package. We should not report ghost package as fix/non vulnerable for anything.