Report a security issue

Email is optional — leave blank to report anonymously. Before submitting, please skim our disclosure policy so we're aligned on scope and safe-harbor.

Your email (optional)

We'll only use this to acknowledge the report and coordinate the fix.

Short summary

Severity (your best estimate)

Details

Good reports: reproduction steps, the affected URL, impact, and any caveats. Don't include real user PHI — use test records you create yourself.

By submitting, you agree to our disclosure policy, including the safe-harbor terms and our commitment to acknowledge within 3 business days. We do not offer monetary bounties at this time.