We take the security of Composio seriously. If you believe you have found a security vulnerability, please report it to us through GitHub Security Advisories or drop us an email at security@composio.dev
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them using one of the following methods:
-
GitHub Security Advisory (Preferred): Report a vulnerability directly through GitHub by visiting:
-
Email: If you prefer not to use GitHub Security Advisories, you can email security concerns to the maintainers.
Please include as much of the following information as possible:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability, including how an attacker might exploit it
- We will acknowledge your report within 48 hours
- We will provide a more detailed response within 7 days indicating the next steps
- We will keep you informed of the progress toward resolving the issue
- We may ask for additional information or guidance
We release patches for security vulnerabilities. Please ensure you are using the latest version of Composio.
- We follow coordinated disclosure practices
- Security advisories will be published after a fix is available
- We appreciate responsible disclosure and will acknowledge reporters in the advisory (unless you prefer to remain anonymous)
Thank you for helping keep Composio and our users safe!