How do I report a vulnerability or submit fixes/updates for existing ones?

Reporting new vulnerabilities to Snyk

If you're reporting a new vulnerability in an open source package, we have a disclosure policy here. You can email report@snyk.io to let us know about it so we can notify the developer and coordinate a fix. 

If the vulnerability has already been made public and seems outdated, email us at security@snyk.io.