CrewAI prioritizes the security of our software products, services, and GitHub repositories. To promptly address vulnerabilities, follow these steps for reporting security issues:

Do not report vulnerabilities via public GitHub issues.

Email all vulnerability reports directly to:
security@crewai.com

To help us quickly validate and remediate the issue, your report must include:

• Vulnerability Type: Clearly state the vulnerability type (e.g., SQL injection, XSS, privilege escalation).
• Affected Source Code: Provide full file paths and direct URLs (branch, tag, or commit).
• Reproduction Steps: Include detailed, step-by-step instructions. Screenshots are recommended.
• Special Configuration: Document any special settings or configurations required to reproduce.
• Proof-of-Concept (PoC): Provide exploit or PoC code (if available).
• Impact Assessment: Clearly explain the severity and potential exploitation scenarios.

• We will acknowledge receipt of your report promptly via your provided email.
• Confirmed vulnerabilities will receive priority remediation based on severity.
• Patches will be released as swiftly as possible following verification.

Currently, we do not offer a bug bounty program. Rewards, if issued, are discretionary.