We take the security of this project seriously. If you have discovered a security vulnerability, please do not open a public issue.

Please report vulnerabilities via email to: [support@penpot.app]

• A brief description of the vulnerability.
• Steps to reproduce the issue.
• Potential impact if exploited.

We appreciate your patience and your commitment to responsible disclosure.

We are incredibly grateful to the following individuals and organizations for their help in keeping this project safe.

• Ali Maharramli – for identifying critical path traversal vulnerability

Note: This list is a work in progress. If you have contributed to the security of this project and would like to be recognized (or prefer to remain anonymous), please let us know.