Support Forums

Where to report security vulnerabilities?

Not sure if this is the correct place, but I was trying to report a possible security bug within Netlify. After sending the email I got responded with “… you are a member of a team on a free Netlify plan”.
It’s not safe to make any vulnerability details public, where should I report this problem? There is a possibility that Netlify doesn’t consider the problem with valuable risk, but I don’t feel right to post it here.

hey @JafarAkhondali! Thank you so much for being invested in the security of our platform - we are as well and curious to hear more about what you noticed.

Can you please send an email to security@netlify.com so we can take a look?

We can also get you access to our bug bounty program and will report the vulnerability to Hackerone.

thank you again for reporting this in a responsible way :pray: