For the protection of our community, the Pkl team does not disclose, discuss, or confirm security issues until our investigation is complete and any necessary updates are generally available.

Reporting a security vulnerability

If you have discovered a security vulnerability within the Pkl project, please report it to us. We welcome reports from everyone, including security researchers, developers, and users.

Security vulnerabilities may be reported on the Report a vulnerability form. When submitting a vulnerability, select "Apple Devices and Software" as the affected platform, and "Open Source" as the affected area.