This document outlines the Responsible Disclosure Program for Auth0 open source software.
At Auth0 we take security seriously and consider it a top priority. Since a public disclosure of a security vulnerability could put the entire Auth0 community at risk, we require that potential vulnerabilities are kept confidential until they are confirmed and fixed. We appreciate your efforts in keeping Auth0 and its users safe by responsibly disclosing any security vulnerability. Rest assured we will make every effort to acknowledge your contributions.
Any security-related issue should be reported to Auth0 via the form at the bottom of the Responsible Disclosure Policy page.
If you prefer to communicate directly with the Auth0 security team, you are invited to send an email to security@auth0.com. For encrypted communication, you can download our PGP key from here.