To report a security vulnerability, please draft an advisory through GitHub, or email the marimo team at engineering [at] marimo [dot] io.
If end users are directly impacted, the advisory will be escalated to a CVE and/or a general advisory will be issued. Attribution for any actionable report will be provided in the section below (unless anonymity is preferred).
We appreciate the efforts of those who report vulnerabilities, and thank the FOSS community at large for their contributions to security. We would like to acknowledge the contributions of the following individuals for their reporting:
- @AlexanderBarabanov
- @pwntester
- @s-celles