At VeChain, we prioritize the security of our software products and services, including all source code repositories managed under our GitHub organizations.
If you believe you’ve discovered a security vulnerability in any VeChain-owned repository, we encourage you to report it responsibly as outlined below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please email us at [email protected].
You should receive a response within 48 hours. If you do not hear back, feel free to follow up via email to confirm we’ve received your report.
To help us address the issue efficiently, please include:
- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
Providing as much detail as possible helps us address the issue faster.
We prefer all communications to be in English.