> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webhook.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Report a vulnerability

> Found a security issue in webhook.co? Report it privately — here's how, and what to expect.

If you've found a security vulnerability, please report it **privately** so we can fix it before it's
public. We're grateful for responsible disclosure.

## How to report

<CardGroup cols={2}>
  <Card title="GitHub Security Advisories" icon="github" href="https://github.com/webhook-co/webhook/security/advisories/new">
    Use **"Report a vulnerability"** on the open-core repository. This is the preferred channel.
  </Card>

  <Card title="Email" icon="envelope" href="mailto:security@webhook.co">
    If GitHub advisories aren't available to you, email **[security@webhook.co](mailto:security@webhook.co)**.
  </Card>
</CardGroup>

## What to include

* What you found and where, with enough detail to reproduce it.
* The impact you think it has.
* Any proof-of-concept, and how you'd suggest fixing it.

## What to expect

We aim to acknowledge reports within a few business days and will keep you updated on progress. Please
give us a reasonable window to investigate and ship a fix before any public disclosure. We're happy to
credit reporters who want it.

<Note>
  Please don't run intrusive testing against production, exfiltrate data, or degrade the service
  while testing — report what you find and let us reproduce it.
</Note>
