If you believe that you’ve found a vulnerability, please report it in our Bug Bounty program on HackerOne. Please note that only submissions that show an actual impact of exploitation will be rewarded. Issues reported by security scanners and vulnerabilities in dependencies won’t be eligible for a bounty without demonstrating an actual impact.