Skip to content

Security: CMU-313/nodebb-f24-codebb

Security

.github/SECURITY.md

Reporting a security vulnerability

NodeBB's security policy is based around a private bug bounty program. Users are invited to explore NodeBB for vulnerabilities, and report them to the NodeBB team so that they can be patched.

If you have found a security vulnerability, do not post it onto our GitHub tracker. Some security vulnerabilities are quite severe and discretion is recommended. Email the NodeBB Security Team at [email protected], instead, even if you are not sure whether something qualifies.

Bug Bounty Program

Security vulnerability reports may be eligible for a bounty based on severity and confirmation from NodeBB team members. For full details regarding our bug bounty program, including the bounty amounts, please consult the dedicated page for our Bug Bounty Program.

There aren’t any published security advisories