The OWASP Nest project follows a rolling release model.
Only the latest version on the main branch is actively supported with security updates.
If you discover a security vulnerability in OWASP Nest, please report it responsibly.
Please use this form to report a security vulnerability. Please do not create public GitHub issues for security-related reports.
When reporting a vulnerability, please include:
- A clear description of the issue
- Steps to reproduce (if applicable)
- Potential impact
- Any relevant logs or screenshots

After a report is submitted, the expected response timeline is:
- Initial acknowledgment: within 10 days
- Investigation and validation: within 30 days, depending on the issue severity
- Fix and coordinated disclosure: within 90 days after investigation and validation

Thank you for helping keep OWASP Nest and the community secure.