Skip to content

Security: deepset-ai/haystack

SECURITY.md

Security Policy

Report a Vulnerability

If you found a security vulnerability in Haystack, send a message to security@deepset.ai.

In your message, please include:

  1. Reproducible steps to trigger the vulnerability.
  2. An explanation of what makes you think there is a vulnerability.
  3. Any information you may have on active exploitations of the vulnerability (zero-day).

Vulnerability Response

We'll review your report within 5 business days and we will do a preliminary analysis to confirm that the vulnerability is plausible. Otherwise, we'll decline the report.

We won't disclose any information you share with us but we'll use it to get the issue fixed or to coordinate a vendor response, as needed.

We'll keep you updated of the status of the issue.

Our goal is to disclose bugs as soon as possible once a user mitigation is available. Once we get a good understanding of the vulnerability, we'll set a disclosure date after consulting the author of the report and Haystack maintainers.

Learn more about advisories related to deepset-ai/haystack in the GitHub Advisory Database