Purpose
Security reports should be handled privately and responsibly.
- Do not publicly disclose vulnerabilities before the ChemVault team has reviewed them.
- Do not attack real user data, disrupt services, or upload malicious files.
- You may submit reproduction steps, screenshots, logs, and impact notes.
- High-risk vulnerabilities should be reported through a private contact channel.
Feedback intake
Security Report form
Complete the prompts below to send feedback to the ChemVault tracking queue. Required fields are marked with an asterisk.
Field guide
The final external form should include these fields or equivalent prompts.
- Reporter name
- Contact email
- Affected product
- Vulnerability type
- Severity estimate
- Description
- Steps to reproduce
- Impact
- Evidence
- Suggested fix
- Public disclosure status
- Permission to contact
- Responsible disclosure agreement