Back to all forms

Security

Security Report

Privately report suspected vulnerabilities or security concerns affecting ChemVault systems.

Draft

Purpose

Security reports should be handled privately and responsibly.

  • Do not publicly disclose vulnerabilities before the ChemVault team has reviewed them.
  • Do not attack real user data, disrupt services, or upload malicious files.
  • You may submit reproduction steps, screenshots, logs, and impact notes.
  • High-risk vulnerabilities should be reported through a private contact channel.

Feedback intake

Security Report form

Complete the prompts below to send feedback to the ChemVault tracking queue. Required fields are marked with an asterisk.

8 required fields
Before submitting

Do not include passwords, API keys, payment details, private keys, or unrelated personal data. Redact sensitive text from screenshots, logs, and recordings.

Use an address the ChemVault team can contact for follow-up.

Use a view-only link and remove private data before sharing.

Permission to contact

Use an address the ChemVault team can contact for follow-up.

Responsible disclosure agreement

Confirm that the report will stay private while the ChemVault team reviews it.

Feedback is submitted to the ChemVault tracking queue. If the secure endpoint is unavailable, non-sensitive feedback can be opened as a prefilled GitHub issue.

Field guide

The final external form should include these fields or equivalent prompts.

  1. Reporter name
  2. Contact email
  3. Affected product
  4. Vulnerability type
  5. Severity estimate
  6. Description
  7. Steps to reproduce
  8. Impact
  9. Evidence
  10. Suggested fix
  11. Public disclosure status
  12. Permission to contact
  13. Responsible disclosure agreement
Submit Feedback