Yes! If you believe you have found a security vulnerability on Snyk, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. Before reporting though, please review the security bug bounty page including our responsible disclosure policy, reward guidelines, and those things that should not be reported.
Or if you've found an issue in an open source package (npm, ruby gem, maven or python library), you can report it to us through the 'Report a Vulnerability' form, and we will handle the responsible disclosure with the owner of the package.