As contributors to open source and to the IT community in general, we value the work of independent security researchers.
If you’re good enough to spot a vulnerability on our site, we’d love to know about it. We’ll reward anyone who reports a critical vulnerability for the first time.
Just follow the guideline below to ensure that you qualify for a reward and don’t violate our Terms and Conditions.
- To send us an email, please check our security.txt file.
- Encrypt all sensitive information using our .
- Provide full details of the vulnerability so that we can quickly reproduce it.
- Avoid disrupting or degrading our services in any way. Given the nature of our business, denial-of-service attacks are not welcome at all.
- Don’t copy, delete, access, or change any data that doesn’t belong to you.
- Don’t publicize any details of the vulnerability until we’ve had a chance to fix it.
We’ll try to get back to you within two working days.
If an unauthorized transaction was made on your payment card, please contact the issuing bank and the police to notify them about the suspicious activity.
If you need any more assistance, check our Help center.