Report a vulnerability on has registered its application repositories (jgraph/drawio and jgraph/drawio-desktop) on This service is used by security researchers and developers to report security vulnerabilities in any GitHub repository, and receive a bug-bounty for their report.

  1. Authorise to access your GitHub account, if you haven’t already done so - click on Login in the top right of the page, and follow the prompts to authorise access.
  2. View the jgraph/drawio or the jgraph/drawio-desktop listing.
  3. Click on the Submit report link - below and to the right of the listing - and fill in the report form with as much detail as you can.

Note: Reporting the same bug in both repositories will mark one as a duplicate.

We will review and validate your report if the bug is indeed a security risk. You’ll receive a notification via email on validation and confirmation of a bug-fix once it is released.

At this point, will calculate the CVE bounty - based on the severity of the valid and fixed security vulnerability - then release the bounty to you as per their payment terms.