We rely on NPM's security advisory process for reporting vulnerabilities.

You can submit a vulnerability in a Storybook package at: https://www.npmjs.com/advisories/report

You can also reach out to the maintainers directly on Twitter: https://twitter.com/storybookjs

When we fix a security issue, we will post a security advisory on Github/NPM, describe the change in the release notes, and also announce notify the community on our Discord.