# Security Policy

## How can I report a security bug?

[You can report security bugs through the official Query Monitor Vulnerability Disclosure Program on Patchstack](https://patchstack.com/database/vdp/query-monitor). The Patchstack team helps validate, triage, and handle any security vulnerabilities.

Do not report security issues on GitHub, on the WordPress.org support forums, or via email. Thank you.