Vulnerability Disclosure

We at Snyk value the security community and believe that a responsible disclosure of security vulnerabilities in open source packages helps us ensure the security and privacy of the users. We aim to provide a disclosure program for the security community to report security issues found within languages including JavaScript, Java, Python, .NET, Go, Ruby and PHP.

Using this form, you can disclose vulnerabilities you’ve found or vulnerabilities that are missing within Snyk Vulnerability Database, and we’ll help you verify the vulnerability and contact the maintainer. In addition, as a CVE Numbering Authority (CNA) we are also able to assign a CVE for the issue.

Before submitting a report, please review our disclosure policy which can be found here.

For any questions or follow ups on the disclosure you may email us at report@snyk.io.