Supported Versions

The OWASP Nest project follows a rolling release model. Only the latest version on the main branch is actively supported with security updates.

Reporting a Vulnerability

If you discover a security vulnerability in OWASP Nest, please report it responsibly.

How to Report

Please use the GitHub Security Advisory form to report a security vulnerability. Do not create public GitHub issues for security-related reports.

What to Include

When reporting a vulnerability, please include:
  • A clear description of the issue
  • Steps to reproduce (if applicable)
  • Potential impact
  • Any relevant logs or screenshots

Response Timeline

We are committed to responding to security reports in a timely manner:
  1. Initial Acknowledgment: Within 10 days of receiving your report
  2. Investigation and Validation: Within 30 days, depending on the issue severity
  3. Fix and Coordinated Disclosure: Within 90 days after investigation and validation

Thank you for helping keep OWASP Nest and the community secure.