# Security Policy

## Security advisories

Security advisories can be found on the
[LoopBack website](https://loopback.io/doc/en/sec/index.html).

## Reporting a vulnerability

If you think you have discovered a new security issue with any LoopBack package,
**please do not report it on GitHub**. Instead, send an email to
[security@loopback.io](mailto:security@loopback.io) with the following details:

- Full description of the vulnerability.
- Steps to reproduce the issue.
- Possible solutions.

If you are sending us any logs as part of the report, then make sure to redact
any sensitive data from them.