Please refer to the Bytecode Alliance security policy for details on our disclosure policy and how to receive notifications about security issues.

To report a vulnerability, navigate to the security tab and click the green Report a Vulnerability button, or use this direct link to the reporting form.

The Endive team will send a response indicating the next steps in handling your report. After the initial reply, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Security patches are handled as priority releases. We recommend that CVE numbers are requested for discovered vulnerabilities following the Bytecode Alliance security policy.

Report security bugs in third-party dependencies to the person or team maintaining them when applicable.