Report a vulnerability or correction
Missing or Incorrect Advisory
To report an advisory missing from OSS Index or a correction to an existing report, please
create an issue in our
advisory submission repository on GitHub
This will ensure that additions and corrections will be made as quickly as possible.
Maven Zero Days - Central Security Project
Sonatype, Inc. (“Sonatype”) has established the
Central Security Project
with the goal of keeping the Maven ecosystem safe by providing a place for the security community to report security
issues found in open source Maven components (each a “Vulnerability”).
To report a new maven package vulnerability, please visit Central Security Project .