You can privately report a vulnerability to us by sending a report to this private mailing list mailto:openrefine-coredev@googlegroups.com

Our core team will try their best to fix any valid vulnerability that is reported to them.

Keep in mind that OpenRefine is designed to run locally on a users PC, while also making network calls across the internet only upon a users choice or command.

As such, certain vulnerabilities might not apply to OpenRefine's design.