Skip to content

Security: getcursor/cursor

SECURITY.md

Vulnerability Disclosure Policy

This document outlines Cursor's vulnerability disclosure policy. For more information about Cursor's approach to security, please visit cursor.com/security.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them to our GitHub Security page. If you prefer to submit one without using GitHub, you can also email us at security@cursor.com.

We commit to acknowledging vulnerability reports immediately, and will work to fix active vulnerabilities as soon as we can. We will publish resolved vulnerabilities in the form of security advisories on our GitHub security page. Critical incidents will be communicated both on the GitHub security page and via email to all affected users.

We appreciate your help in making Cursor more secure for everyone. Thank you for your support and responsible disclosure.

Learn more about advisories related to getcursor/cursor in the GitHub Advisory Database