Report Security Vulnerabilities

 

  At Frappe, we believe a complete ERP system is one that can handle all your business operations, including security. It is more secure than ever. It is not the perfect ERP software yet, but we are actively looking for more security holes to plug.


 

Security Vulnerability Report

It is important to include at least the following information in the email:

 
 
  •   Organization and contact name
  •   Your Reference or Advisory Number
  •   Description of the potential vulnerability
  •   Supporting technical details (such as system configuration, traces, description of exploit or attack code, sample packet capture, proof of concept, and steps to reproduce the issue)
  •   Information about known exploits
  •   Disclosure plans, if any
  •   If you want public recognition, 

      Please allow a reasonable time (10–15 days) for us to confirm and respond to the issue after reporting. You will hear from us when it is absolutely necessary. 



     

    Policy 


     

      You are responsible for complying with all applicable laws and must only ever use or otherwise access your own test accounts when researching vulnerabilities in any of our products or services. Access to or modification of user data is explicitly prohibited without prior consent from the account owner. 

  •   Provide details of the vulnerability finding, including information needed to reproduce and validate the report.
  •   Do not attempt to perform brute-force attacks, denial-of-service attacks, compromises, or testing of ERPNext accounts that are not your own.
  •   Do not attempt to target ERPNext/Frappe employees or customers, including through social engineering attacks, phishing attacks, or physical attacks.

    List of Known Vulnerabilities

      To view a list of known vulnerabilities that have already been fixed in the system, please visit the CVE References Page.

