Our top priority is keeping our customers' data safe. If you have found an issue in our systems, please reach out to us.
If you believe you have found a vulnerability, please disclose by contacting us: [email protected]
Please try your best to describe a clear and realistic impact for your report.
| Version | Supported |
|---|---|
| main branch | ️✅ |
| any other | ❌ |
Note: Please use a self-hosted instance to perform any tests. Do not use the production app.highlight.io product for security testing.
- Remote command execution
- SQL Injection
- Cross-site scripting (XSS)
- Performing admin actions without authorization
We consider the following out of scope, though there may be exceptions.
- Reports from automated tools or scanners
- Theoretical attacks without proof of exploitability
- Social engineering
- Physical attacks
- Denial of Service attacks
- Brute force attacks
Thank you for keeping highlight.io and our users safe. 🙇