BigCommerce is dedicated to the responsible disclosure of security vulnerabilities. If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our public bug bounty program. If you would prefer to submit via email, please send your report to security@bigcommerce.com.

We ask that you do not open a public GitHub issue to report security concerns.

Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines.

Note: Bugs in 3rd-party modules and/or dependencies should be reported to the owners/maintainers or those modules and/or dependencies, BigCommerce has no control or authority over third party content.

Thank you in advance for collaborating with us to help protect us and our customers.