Skip to content

Security: InterWeb-LT/NodeBB

Security

.github/SECURITY.md

Reporting a security vulnerability

NodeBB's security policy is based around a private bug bounty program. Users are invited to explore NodeBB for vulnerabilities, and report them to the NodeBB team so that they can be patched.

If you have found a security vulnerability, do not post it onto our GitHub tracker. Some security vulnerabilities are quite severe and discretion is recommended. Email the NodeBB Security Team at [email protected], instead.

Bug Bounty Program

Security vulnerability reports may be eligible for a bounty based on severity and confirmation from NodeBB team members. For full details regarding our bug bounty program, including the bounty amounts, please consult the following page: https://blog.nodebb.org/bounty

There aren’t any published security advisories