Reach out to us at to provide feedback or ask a question.


Sonatype OSS Index is a free tool to help developers create more secure applications.

We encourage you to share your thoughts on how we can improve the usability of the site, the quality of information we provide, or just reach out to say hello.

To report an advisory missing from OSS Index, or a correction to an existing report, please create an issue in our advisory submission repository on GitHub. This will ensure that additions and corrections will be made as quickly as possible.

We appreciate your feedback!

Central Security Project

Sonatype, Inc. (“Sonatype”) has established the Central Security Project with the goal of keeping the Maven ecosystem safe by providing a place for the security community to report security issues found in open source Maven components (each a “Vulnerability”). To report a new Maven package vulnerability, please visit the Central Security Project.