Contributing to the Go Vulnerability Database

Go is an open source project.

It is the work of hundreds of contributors. We appreciate your help!

Reporting a vulnerability

To report a new public vulnerability, open an issue, send a GitHub PR, or mail a Gerrit CL.

Please read the Contribution Guidelines before sending patches.

Contributor License Agreement

Contributions to this project must be accompanied by a Contributor License Agreement (CLA). You (or your employer) retain the copyright to your contribution; this simply gives us permission to use and redistribute your contributions as part of the project. Head over to to see your current agreements on file or to sign a new one.

You generally only need to submit a CLA once, so if you‘ve already submitted one (even if it was for a different project), you probably don’t need to do it again.