The Frappe team and community take security issues in the Frappe Framework seriously. To report a security issue, please go through the information mentioned here.

You can help us make Frappe and consequently all Frappe dependent apps like ERPNext more secure by following the Reporting guidelines.

We appreciate your efforts to responsibly disclose your findings. We'll endeavor to respond quickly, and will keep you updated throughout the process.