Security Disclosure
The Vuetify team takes security seriously. We appreciate your efforts to responsibly disclose vulnerabilities and will make every effort to acknowledge your contributions.
Reporting a Vulnerability
To report a security issue, email security@vuetifyjs.com and include the word “SECURITY” in the subject line.
Please include:
Description of the vulnerability
Steps to reproduce
Potential impact
Any suggested fixes (optional)
What to Expect
Initial Response — We will acknowledge receipt within 48 hours
Investigation — We will investigate and keep you informed of progress
Resolution — We will prepare and release fixes as quickly as possible
Credit — We will credit you in the release notes (unless you prefer anonymity)
Disclosure Policy
When we receive a security report, we will:
Confirm the problem and determine affected versions
Audit code to find any similar issues
Prepare fixes for all maintained releases
Release fixes to npm as quickly as possible
Third-Party Dependencies
Report security bugs in third-party modules to the maintainers of those modules. You can also report vulnerabilities through the Node Security Project↗.
Scope
This policy applies to the @vuetify/v0 package and related packages in the vuetifyjs/0↗ repository.
View the full SECURITY.md↗ on GitHub.