Audits
Vaultwarden has been audit by security companies which helps keeping Vaultwarden secure.
Some audits were done without publishing anything data publicly because the companies which requested the audit with those security companies didn't allowed it, but those researchers did provide the results.
Some audits are publicly published and can be accessed by everyone.
Note
The site and report are both in German
BSI (Bundesamt für Sicherheit in der Informationstechnik), a German institute performed an audit on Vaultwarden v1.30.3 under there CAOS (Codeanalyse von Open Source Software) project.
The press release, including the PDF with the results for Vaultwarden can be found here: https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Codeanalyse-KeePass-Vaultwarden_241014.html
They even have a more detailed ZIP file with all raw information located here: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Downloadserver/P486/CAOS_Vaultwarden.html
As a reference you can download the report here:
🏠 Wiki Home · 📖 FAQs · ⚙️ Configuration · 🔒 Hardening Guide · 🐳 Docker
❤️ Love Vaultwarden? Consider supporting upstream Bitwarden — without their work, this project wouldn't exist.
Vaultwarden is an unofficial, community-driven Bitwarden-compatible server. It is not associated with, endorsed by, or affiliated with Bitwarden, Inc. — "Bitwarden" is a trademark of Bitwarden, Inc.
Maintained with care by @dani-garcia and contributors · Wiki content licensed under the project's terms