If you have found a security vulnerability in an active open-source repository created and owned by BigCommerce, please report it to our public bug bounty program. If you would prefer to submit via email, please send your report to [email protected]

Note: Only submissions to our bounty program on BugCrowd will be eligible for bounties. Bounty eligibility and amounts are determined according to the program guidelines.

Please do not use public issues to report security vulnerabilities.

Bugs in 3rd-party modules should be reported to those modules’ maintainers.