Report a vulnerability

Please fill out the form to report a vulnerability or email a description to report@nodesecurity.io.

Our disclosure timeline

  1. Vulnerability is identified or Disclosed to Node Security Platform - We will endeavor to keep reporter / finder in the loop with all communications / events.
  2. Maintainers are notified if it's not a self disclosure.
  3. Node Security subscribers are notified and provided guidance and recommendations for mitigation
  4. After a fix is made available the public advisory is finalized and a CVE requested.
  5. If no fix is available after 45 days the advisory will timeout and will be made publicly available.
Please include any references, commits, or code examples that would be useful in reproducing the issue