Potential security vulnerabilities can be reported directly us at security@ghost.org. The Ghost Security Team communicates privately and works in a secured, isolated repository for tracking, testing, and resolving security-related issues.

The full, up-to-date details of our security policy and procedure can always be found in our documentation:

https://ghost.org/docs/concepts/security/

Please refer to this before emailing us. Thanks for helping make Ghost safe for everyone 🙏.