Skip to content

Security: tc39/ecma262

SECURITY.md

TC39 Vulnerability Disclosure Policy

Reporting Guidelines

  • If a security issue is present in an implementation, then report it directly to the relevant project.
  • If a security issue is present in a TC39 specification, let us know.
    • Include any relevant links to corroborative information, e.g. vulnerability reports, reference IDs, etc.
  • If you are unable to determine whether a security issue is implementation-specific, let us know.

Reporting to TC39

Report using GitHub by visiting the security advisories page of the relevant repository, such as:

Alternately, send an email to [email protected]

Reporting to Projects

Note

This list is not exhaustive.

Engine/Runtime Used In Link to Report
JavaScriptCore Safari, Bun Report
SpiderMonkey Firefox Report
V8 Chrome, Chromium, Edge, Node, Deno Report
Node Report
Deno Report
Bun Report
Learn more about advisories related to tc39/ecma262 in the GitHub Advisory Database