# Security vulnerability disclosure

If you discover a security vulnerability, you can report it to us via any of the below channels:
- Open an issue of type "Security" on the [issue tracker](https://issues.iceshrimp.dev/). Make sure to set "Confidential" to "Yes" if the vulnerability details are not already public.
- Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message.

This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.