
Responsible Disclosure

We value the security community and prioritize the security of our systems. We encourage the responsible disclosure of security vulnerabilities to help us protect the security and privacy of our users and customers.

Reporting a Vulnerability

If you believe you have found a security vulnerability in Langfuse, please send an actionable vulnerability report to [email protected].

Please include the following details in your report:

  • A clear description of the vulnerability, including its potential impact.
  • Steps to reproduce the vulnerability, including any specific configurations or conditions required.
  • Any proof-of-concept code, scripts, or screenshots that demonstrate the vulnerability.

We will acknowledge receipt of your report, typically within 2 business days, and will work with you to understand and resolve the issue.

Our Commitment

  • We will investigate reported vulnerabilities promptly.
  • We will keep you informed of our progress.
  • We will take appropriate steps to remediate confirmed vulnerabilities.
  • We will publicly acknowledge your contribution if you wish, once the vulnerability is fixed.

Bug Bounty Program

Please note that we currently do not operate a formal bug bounty program with monetary rewards.

Hall of Fame

We appreciate the efforts of security researchers who help keep Langfuse secure. The following individuals have responsibly disclosed vulnerabilities that led to improvements:

| Reported by | PR with fix | Description |
| --- | --- | --- |
| Ather Iqbal | #4434 | Password complexity + block links in user name |

Contact

For all security-related inquiries, including vulnerability disclosures, please contact [email protected].
