Report a vulnerability

Should you identify a vulnerability, we would appreciate your assistance by informing us about it.

Here's how you can report an issue:

1. Contact us by sending an email to

2. Describe the vulnerability in as much detail as possible. Information such as the conditions on which reproducing the bug is contingent, its potential impact, and your possible solutions are all very helpful.

3. Do not publicize the vulnerability until we've had a chance to investigate and respond to it.

Please do not open a GitHub issue if the bug is a security vulnerability.

Once we have received your email, we will strive to confirm the receipt within 3 business days.

After our initial assessment and reproduction of the vulnerability, we will aim to keep you informed about the progress towards the resolution, and may request additional information or guidance.

Spice AI does not yet have a paid bug bounty program.

Last updated