As a U.S. Government agency, the General Services Administration (GSA) takes seriously our responsibility to protect the public's information, including financial and personal information, from unwarranted disclosure.
Services operated by the U.S. General Services Administration (GSA) are covered by the GSA Vulnerability Disclosure Program (VDP).
See the GSA Vulnerability Disclosure Policy at https://www.gsa.gov/vulnerability-disclosure-policy for details including:
- How to submit a report if you believe you have discovered a vulnerability.
- GSA's coordinated disclosure policy.
- Information on how you may conduct security research on GSA developed software and systems.
- Important legal and policy guidance.
Certain GSA/TTS programs have bug bounties that are not discussed at the above link. If you find security issues for any of the following domains:
- 18f.gov
- cloud.gov
- fedramp.gov
- login.gov
- search.gov
- usa.gov
- vote.gov
you should also review the GSA Bug Bounty program at https://hackerone.com/gsa_bbp/ for a potential bounty.
Please note that only certain branches are supported with security updates.
| Version (Branch) | Supported |
|---|---|
| main | ✅ |
| other | ❌ |
When using this code or reporting vulnerabilities please only use supported versions.