# Reporting Security Issues
Please report security vulnerabilities on GitHub at:
<https://github.com/php/php-src/security/advisories/new>
If for some reason you cannot use the form at GitHub, or you need to talk to
somebody about a PHP security issue that might not be a bug report, please write
to <security@php.net>.
Vulnerability reports remain private until published. When published, you will
be credited as a contributor, and your contribution will reflect the MITRE
Credit System.
# Vulnerability Policy
Our full policy is described at
https://github.com/php/policies/blob/main/security-classification.rst
|