Open Source Vulnerability Form
Tell us about a vulnerability in an AI/ML repository. It's important to support open source AI/ML repos big and small. That's why our bug bounty program rewards up to $1,500 and CVE attribution for AI/ML projects of all sizes.
For more information read our participation guidelines.
Repository *
Package Manager *
Please choose a corresponding package manager for the repository.
Version Affected *
Please enter the version affected by the vulnerability.
Vulnerability Type *
Please classify your report accurately. Some vulnerability types are not eligible for automatic CVE assignment.
CVSS *
Please rate the severity of your report fairly; it affects your bounty. For more information on CVSS, click here.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Write-up *
Use the markdown template to explain further details about the vulnerability.
Occurrences *
Please provide every occurrence of this vulnerability as it appears in the repo using permalinks.
You will receive a 20% bonus of your base bounty for every occurrence (lines of code) that gets modified in the patch. If, however, an occurrence you provide remains unchanged in the patch, you will not receive the bonus for that particular occurrence.
References
Please add any supporting references below and optionally give each a name.
Please note that after report submission you have 20 minutes to make edits; afterwards you will be blocked from making any further changes.