Found Something Unexpected?

The Open Raven team is comprised of security professionals that have been a part of and have contributed to the security community for decades and are committed to working with researchers.

You can report security issues to [email protected].

Please provide enough information so that we can evaluate your report properly. This information should include the following:

  • A description of the issue explaining the vulnerability, including the impact on users or platform. Please describe how the issue crosses privilege boundaries.
  • The affected page or feature.
  • A proof-of-concept or functional exploit that demonstrates the issue. If a proof-of-concept is not available, please include any relevant logs generated by your testing.
  • Any caveats or conditions required to exploit the issue. Indicate if there are any specific settings, circumstances, configurations, timing, or required user interactions.


Invalid issues

Potential vulnerabilities that do not by themselves expose the platform to attack are not considered valid issues. For example, injecting or the lack of a specific HTML tag does not necessarily mean it is vulnerable to cross-site scripting. Similarly, injecting a single backtick (`) does not necessarily mean it is vulnerable to SQL injection.

Once we receive your report, Open Raven will stay in touch to provide updates on our investigation. During this time, we might also request additional information.