There are currently no known security vulnerabilities in ONOS. The advisory below is a template, demonstrating the structure of future advisories.
[Moderate] CVE-YYYY-XXXX component-name: insecure code of some kind
It was found that the code was insecure in some way.
ONOS 1.0.0 Avocet is confirmed to be affected.