Help Us Keep Our Platform Secure

Please include the following information in your report to help us understand and address the issue effectively:

A clear and detailed description of the vulnerability or security issue

Steps to reproduce the issue (including URLs, HTTP requests/responses, or screenshots)

Any proof-of-concept code, if available

An assessment of the potential impact of the vulnerability

The following types of findings are not classified as security vulnerabilities:

Non-Sensitive Cookie Attributes:
Security-related attributes on cookies are applied to enhance protection, but their absence on cookies that do not handle sensitive data is not considered a security risk.

HTTP Header Configuration:
Use of headers such as X-Frame-Options, Content Security Policy (CSP), or X-Content-Type-Options (nosniff) are regarded as a security best practice rather than a vulnerability.

Stack Trace Exposure: Stack traces, when displayed, are not inherently treated as security issues. However, if a stack trace reveals personally identifiable information please submit a detailed report so it can be reviewed.

If you have questions about these guidelines or believe you have identified a more significant concern, please contact our security team for clarification.

Please include the following information in your report to help us understand and address the issue effectively:

Please do not publicly disclose the vulnerability before we have had a chance to investigate and address it.

Only test against accounts and data you own or have explicit permission to use.

Do not attempt to access, modify, or delete data that does not belong to you.