# Security policy

## Reporting a vulnerability

When you identify a vulnerability in HTTPie, please report it privately using one of the following channels:

- Email to [`security@httpie.io`](mailto:security@httpie.io)
- Report on [huntr.dev](https://huntr.dev/)

In addition to the description of the vulnerability, include the following information:

- A short reproducer to verify it (it can be a small HTTP server, shell script, docker image, etc.)
- Your deemed severity level of the vulnerability (`LOW`/`MEDIUM`/`HIGH`/`CRITICAL`)
- [CWE](https://cwe.mitre.org/) ID, if available.