Forge Security

Security Report Intake

Report a vulnerability.

Use this form for structured intake. For sensitive proof, submit a non-sensitive summary first and Forge will coordinate encrypted follow-up.

Do not include customer data, classified material, export-controlled material, credentials, or destructive proof in this form. Encrypt sensitive follow-up material with Forge's PGP public key after triage begins.

Forge confirms severity during triage using CVSS v3.1 as the baseline.

Keep the initial report concise and non-sensitive. Forge will request additional proof if needed.