# Security Policy

## Reporting a Vulnerability

We take the security of this project seriously. If you have discovered
a security vulnerability, please do **not** open a public issue.

Please report vulnerabilities via email to: **[support@penpot.app]**


### What to include:

* A brief description of the vulnerability.
* Steps to reproduce the issue.
* Potential impact if exploited.

We appreciate your patience and your commitment to **responsible disclosure**.

---

## Security Contributors

We are incredibly grateful to the following individuals and
organizations for their help in keeping this project safe.

* **Ali Maharramli** – for identifying critical path traversal vulnerability


> **Note:** This list is a work in progress. If you have contributed
> to the security of this project and would like to be recognized (or
> prefer to remain anonymous), please let us know.