Do not report vulnerabilities through public GitHub issues, discussions, pull requests, or any other public form of communication.
Please directly email security@forwardemail.net to report vulnerabilities. Depending on the severity of the vulnerability, and to our sole discretion, we may choose to award a bug bounty for the vulnerability disclosure.
To send us a PGP encrypted email, download our key at https://forwardemail.net/.well-known/openpgpkey/hu/mxqp8ogw4jfq83a58pn1wy1ccc1cx3f5.asc
See our signed security.txt file at https://forwardemail.net/security.txt for more insight.