Reporting security issues
We use hackerone to manage vulnerability reporting. Please report any security issues by sending an email to security@lovable.dev . You will receive a confirmation email with instructions on how to submit your report to the hackerone platform.
Guidelines
Scope
We are interested in vulnerabilities that affect the security of our users. This includes but is not limited to:
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Authentication bypass
- Authorization bypass
- Remote code execution
- Information disclosure
Out of scope
The following are generally not considered security vulnerabilities:
- Denial of service attacks
- Social engineering attacks
- Physical attacks
- Attacks requiring physical access to a user's device