Where to report security vulnerabilities?

Hello WeWeb community,

I have identified pretty serious security vulnerabilities affecting WeWeb while working with it.

Tried searching if WeWeb had a VDP (Vulnerability Disclosure Program) but didn’t find any.
So, for the past month, I have tried reaching the WeWeb team in order to disclose said vulnerabilities, but with no success. All of my emails to the contact email address and some of the team members went unanswered.

I am posting this here hoping that someone from the team sees it.

Have a nice evening!

Report them as a bug here. We take security issues seriously so the emails you sent might not have been seen.

Hey Luka,

Yeah, I figured as much. E-mails tend to get lost in inboxes, that’s why I decided to post on discourse.
I created a ticket on the support portal with the details of the findings, thanks for the reply.

Have a nice weekend!


Hello @luka,

I’ve seen that the team has been able to fix the vulnerabilities I reported, good work!

Now that the vulnerabilities have been fixed, I’m planning on writing a post detailing the findings on our company’s blog and as such wanted to check if WeWeb’s okay with publishing it unredacted. If not, that’s okay as I can redact the blog post before publishing.

Thanks a lot in advance and have a good day!

That would be an interesting read.

Definitely would be interesting to see, but I think we’ll never know :smiley:

Just have to wait on WeWeb’s answer then :grinning:
The findings individually are nothing to write home about, but the chain and final impact are pretty cool though :stuck_out_tongue:

I’m curious for curiosity’s sake. :slight_smile: