At Daytona, we take security seriously. If you believe you have found a security vulnerability in any Daytona-owned repository or service, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please email us at: security@daytona.io
You can also report vulnerabilities privately through GitHub's security advisory feature.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Any relevant screenshots or proof-of-concept
We will acknowledge receipt within 2 business days and provide an initial assessment within 5 business days.
We accept vulnerability reports for the latest stable release of Daytona.
Daytona supports safe harbor for security researchers who act in good faith and in accordance with this policy.