Overview
We appreciate vulnerability reports. There is NO monetary bounty.
Reporters will be publicly acknowledged by name in our official Discord group and listed on our Hall of Fame page.
Please report issues responsibly and provide reproduction steps. Do not exploit or publish details before we have had a chance to remediate.
Contact Information
- Email: [email protected]
- Official Discord: https://urubu.host/discord
Additional Resources
- Canonical security.txt: https://urubu.host/.well-known/security.txt
- Encryption key for secure submissions: https://urubu.host/pgp
- Acknowledgments / Hall of Fame: https://urubu.host/hall-of-fame
- Preferred Language: English (en)
- Policy last valid until: 24 September 2026
For more information, refer to our security.txt file for official details.