Questions Regarding Security and Security Reports in Vaultwarden

[Arbupl]

Hello everyone,

First question:
I would like to know more about the security of the Vaultwarden code (formerly known as Bitwarden_RS). Has the Vaultwarden code undergone security audits by professionals or independent security researchers? If yes, could you provide me with information about the results of these audits and the measures taken to enhance the project's security?

Second question:
I am currently using Vaultwarden to manage my passwords and I was wondering if it's possible to disable the security reports. Is there an option to turn off security reports in Vaultwarden? If yes, could you please guide me on how to proceed?

[BlackDex]

There have been no security audits done on the Vaulwarden code as far as we know.

Some security issues have been reported since this project has been active, and they have been fixed. Which they were exactly I'm not sure from the top of my head. And most (if not all) of them were not actually usable, but better to be safe and add a check for them anyway.

Regarding your second question, i think you revere to a web-vault feature. That is not something we can enable/disable on the server side.
We only use a minimal patched version of the web-vault provided by Bitwarden just to have it workable for Vaultwarden.