Central Security Project

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Java Component in search.maven.org SOURCE_CODE high high high critical
Use this asset for any component found using the [Central Search](https://search.maven.org) or the [OSS Index Search](https://ossindex.sonatpe.org) for maven components
Java component NOT in search.maven.org SOURCE_CODE critical
Use this asset for an open source Java component that could not be found in [search.maven.org](search.maven.org). Our security research team will verify it's a valid open source component available in a public repository. If it is a valid component, we will accept and if it is not a valid component we will let you know.
Suspected Java Component DOWNLOADABLE_EXECUTABLES critical
Use this if you have a vulnerability that could not be mapped back to a open source project. It was something found in an open source Java application, framework or component from penetration testing or other non source code deterministic testing methodology. **Note: Only use this if you have a vulnerability but can't identify the vulnerable project**

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity