Maintainers and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.
Please do not report security vulnerabilities through public GitHub issues, discussions, or Discord.
To help us better understand and resolve the issue, please include as much of the following information as possible:
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
We will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
- Security issues will be disclosed in a coordinated manner
- We will credit reporters in the security advisory unless anonymity is requested
- We request that you do not publicly disclose the issue until we have released a fix
If you discover a security vulnerability in a third-party dependency used by Seerr, please report it directly to the maintainers of that module. You can also notify us through our security advisory process so we can:
- Track the issue and monitor for updates
- Apply patches or workarounds if available
- Coordinate with upstream maintainers when necessary
- Communicate the impact to our users
We regularly monitor and update our dependencies to address known security vulnerabilities.
Security updates and advisories will be published on our GitHub Security Advisories page.