Security advisories can be found on the LoopBack website.

If you think you have discovered a new security issue with any LoopBack package, please do not report it on GitHub. Instead, send an email to security@loopback.io with the following details:

• Full description of the vulnerability.
• Steps to reproduce the issue.
• Possible solutions.

If you are sending us any logs as part of the report, then make sure to redact any sensitive data from them.