# Security Policy

---

## Security Information

Please see this wiki page for important notices about ArchiveBox security, publishing your archives securely, and the dangers of executing archived JS:

https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview

Also see this section of the README about important caveats when running ArchiveBox:

https://github.com/ArchiveBox/ArchiveBox?tab=readme-ov-file#caveats

You can also read these pages for more information about ArchiveBox's internals, development environment, DB schema, and more:

- https://github.com/ArchiveBox/ArchiveBox#archive-layout
- https://github.com/ArchiveBox/ArchiveBox#archivebox-development
- https://github.com/ArchiveBox/ArchiveBox/wiki/Upgrading-or-Merging-Archives
- https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting

---

## Reporting a Vulnerability

We use Github's built-in [Private Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) feature to accept vulnerability reports.

1. Go to the Security tab on our Github repo: https://github.com/ArchiveBox/ArchiveBox/security

2. Click the ["Report a Vulnerability"](https://github.com/ArchiveBox/ArchiveBox/security/advisories/new) button

3. Fill out the form to submit the details of the report and it will be securely sent to the maintainers

You can also contact the maintainers via our public [Zulip Chat Server zulip.archivebox.io](https://zulip.archivebox.io) or [Twitter DMs @ArchiveBoxApp](https://twitter.com/ArchiveBoxApp).