Report a security bug

Some specific things not to report to libssh!

Reporting Security Defects in libssh

Please report all security defects to and never on IRC, matrix, public mailing lists or in our Bug Tracker. If your vulnerability meets the eligibility criteria you can request a bug bounty.

You can find details about our security process here. We can also suggest the talk from Jeremy Allison about Handling Security Flaws in an Open Source Project.