Security: how to report vulnerabilities privately? (Private Vulnerability Reporting appears disabled) #3315

Description

@Santoshkumarpuppala

Hi — I'm a security researcher and I've found a couple of security issues in Teable that I'd like
to report privately under coordinated disclosure.

GitHub private vulnerability reporting doesn't seem to be enabled (Security →
"Report a vulnerability" / /security/advisories/new returns 404), and I couldn't find a
SECURITY.md or a security contact.

Could you either:

  1. enable Private Vulnerability Reporting (Settings → Code security and analysis →
    "Private vulnerability reporting"), or
  2. share a security contact email?

I have full write-ups and working local proofs-of-concept ready to share privately. I'm also
disclosing through Snyk so a CVE can be coordinated. Happy to follow whatever process you prefer,
and I'll hold all details until a fix is out.

Thanks for your work on Teable.
