If you discover a security vulnerability in OpenEMR, there are 2 options for reporting the vulnerability to the OpenEMR security group.

• Report via our huntr page. Bounty eligibility, CVE assignment, response times and past reports are all there.

• Send an email to security@open-emr.org . If possible, please encrypt your email via PGP with this public key.