To report a vulnerability, please [privately report it via the Security tab](https://github.com/nuxt/nuxt/security/advisories/new) on the correct GitHub repository (see [documentation](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability)). If that is impossible, feel free to send an email to **security@nuxtjs.org** instead.
All security vulnerabilities will be promptly verified and addressed.
While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Nuxt and otherdependencies by maintaining lock files (`yarn.lock`, `package-lock.json` and `pnpm-lock.yaml`) in order to ensure your application remains as secure as possible.