If you believe you have found a security vulnerability in Nango, please report it responsibly.
Please do not open a public GitHub issue for security vulnerabilities.
You can report security issues by either:
- Emailing us at security@nango.dev
- Opening a private GitHub Security Advisory
Please include as much detail as possible, including:
- a description of the issue
- steps to reproduce
- affected component, endpoint, or version
- proof-of-concept details, if available
- potential impact
- whether any data was accessed
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate it.
We will acknowledge receipt, investigate the report, and coordinate with you on remediation and disclosure where appropriate.
Nango does not currently operate a formal bug bounty program.
We may, at our discretion, offer recognition or rewards for significant valid findings.
Reports related to Nango Cloud, Nango Enterprise deployments, and the open-source Nango repository are welcome.