Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a security vulnerability in OpenPGP.js, please report it via email to security@openpgpjs.org. If possible, encrypt your message with our PGP key: it can be downloaded automatically using WKD, or manually on openpgpjs.org.

You should receive a response within 2 working days.