Security fixes are released for the latest published version of Teable. Please make sure you are running the most recent release before reporting.
Please do not open a public issue, pull request, or discussion for security vulnerabilities.
Report privately through GitHub's Private vulnerability reporting (the "Report a vulnerability" button on the repository's Security tab).
A good report includes:
- The type of issue and the affected component or endpoint.
- Steps to reproduce, ideally with a minimal proof of concept.
- The version or commit you tested against.
- The potential impact.
Please test only against your own local instance — never against production or other users' data.
- We aim to acknowledge new reports within a few business days.
- We follow coordinated disclosure: details stay private until a fix is released.
- With your consent, we credit reporters in the published advisory and request a CVE where applicable.
Thank you for helping keep Teable and its users safe.