Report Vulnerability

Report a vulnerability or correction

Missing or Incorrect Advisory

To report an advisory missing from OSS Index or a correction to an existing report, please create an issue in our advisory submission repository on GitHub .
This will ensure that additions and corrections will be made as quickly as possible.

Maven Zero Days - Central Security Project

Sonatype, Inc. (“Sonatype”) has established the Central Security Project with the goal of keeping the Maven ecosystem safe by providing a place for the security community to report security issues found in open source Maven components (each a “Vulnerability”).
To report a new maven package vulnerability, please visit Central Security Project .