# Security

## Reporting a vulnerability to Node.js Website

Please report security issues **privately** using the **GitHub Security Advisory**
workflow ([Security → “Report a vulnerability”](https://github.com/nodejs/nodejs.org/security/advisories/new)).

Do **not** open a public GitHub issue for security problems.

We aim to acknowledge reports within **7 business days**.
If you do **not** receive an acknowledgement within **7 business days**,
forward your report to **[tsc@nodejs.org](mailto:tsc@nodejs.org)**.

## Disclosure & advisories

Confirmed vulnerabilities will be published as a **GitHub Security Advisory**
(and assigned a CVE when applicable). Notices are also shared via:

- Node.js blog advisories: [https://nodejs.org/blog/vulnerability/](https://nodejs.org/blog/vulnerability/)
  when necessary.