Only the latest version receives security updates.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
If you believe you have found a security vulnerability in Probo, please report it responsibly by emailing security@getprobo.com.
Please do NOT create public GitHub issues for security vulnerabilities.
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected version(s)
- Potential impact of the vulnerability
- Any suggested fix (optional but appreciated)
- getprobo.com and all subdomains
- Probo open source codebase (this repository)
- Authentication & authorization issues
- Data exposure vulnerabilities
- API security issues
- Injection vulnerabilities (SQLi, XSS, CSRF, etc.)
- Denial of Service (DoS/DDoS) attacks
- Social engineering attacks
- Physical security attacks
- Vulnerabilities in third-party services
- Issues already known or previously reported
- Automated scanner reports without proof of exploitability
| Timeline | Action |
|---|---|
| 48 hours | Acknowledgement of your report |
| 5 days | Initial assessment and severity rating |
| 30 days | Target resolution for critical/high issues |
| 90 days | Target resolution for medium/low issues |
We follow responsible disclosure — once a fix is released, we'll notify you and you're free to publish your findings.
We use the following severity ratings aligned with ISO/IEC 27001 and CVSS v3.1:
| Severity | Description |
|---|---|
| 🔴 Critical | Direct data breach, authentication bypass, RCE |
| 🟠 High | Privilege escalation, significant data exposure |
| 🟡 Medium | Limited data exposure, CSRF, open redirects |
| 🟢 Low | Minor issues, information disclosure |
| ℹ️ Info | Best practice improvements |
- We will not take legal action against researchers who follow responsible disclosure
- We will keep your report confidential
- We will credit you for your finding (if you wish)
- We will work with you to understand and resolve the issue
We appreciate security researchers who help keep Probo secure. Responsible disclosures will be acknowledged here. 🙏
Be the first to be listed here!
Last updated: March 2026
Aligned with ISO/IEC 27001:2022 Information Security Standards

# Security Policy
If you believe you have found a security vulnerability in this project, please report it to us by emailing security@getprobo.com.
Please include:
- A description of the issue
- Steps to reproduce (if possible)
- The affected version(s)
Do not create public GitHub issues for security vulnerabilities.
- We'll acknowledge your report within 48 hours
- We'll provide updates as we investigate
- Once fixed, we'll notify you and publish an update
Only the latest version receives security updates.
Last updated: 2025-01-10