1 # Reporting Security Vulnerabilities
2 If you discover a security vulnerability in OpenEMR, there are 2 options for reporting the vulnerability to the OpenEMR security group.
4 ## Option 1. Report via huntr
5 - Report via [our huntr page](https://huntr.dev/repos/openemr/openemr/). Bounty eligibility, CVE assignment, response times and past reports are all there.
7 ## Option 2. Email security@open-emr.org
8 - Send an email to security@open-emr.org . If possible, please encrypt your email via PGP with this [public key](https://www.open-emr.org/files/openemr-security-pgp-key.asc).