Report a Vulnerability
To report an advisory missing from OSS Index, or a correction to an existing report, please
create an issue in our
advisory submission repository on GitHub. This will
ensure that additions and corrections will be made as quickly as possible.
Maven Zero Days - Central Security Project
Sonatype, Inc. (“Sonatype”) has established the
Central Security Project with the goal of keeping the Maven
ecosystem safe by providing a place for the security community to report security issues found in open
source Maven components (each a “Vulnerability”). To report a new maven package vulnerability, please visit the
Central Security Project.