Report Vulnerability

Report a vulnerability or correction

Missing or Incorrect Advisory

To report an advisory missing from OSS Index or a correction to an existing report, please create an issue in our advisory submission repository on GitHub.
This will ensure that additions and corrections will be made as quickly as possible.

Maven Zero Days - Central Security Project

Sonatype, Inc. (“Sonatype”) has established the Central Security Project with the goal of keeping the Maven ecosystem safe by providing a place for the security community to report security issues found in open source Maven components (each a “Vulnerability”).
To report a new maven package vulnerability, please visit Central Security Project.