NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.

If you need to report a security issue, please use the appropriate contact points outlined below. Please do not report security vulnerabilities through GitHub issues or pull requests. If a potential security issue is inadvertently reported through a public channel, NVIDIA maintainers may limit public discussion and redirect the reporter to the appropriate private disclosure channels.

Security fixes are handled for maintained release branches and the current main development branch at NVIDIA's discretion. Please include the affected commit, tag, branch, or container image digest when reporting an issue.

To report a potential security vulnerability in any NVIDIA product:

• Web: Report Vulnerability
• E-mail: psirt@nvidia.com

If reporting by e-mail, NVIDIA encourages encrypting the report with the NVIDIA public PGP key. Please include:

• Product name and affected version, branch, commit, or container image digest.
• Type of vulnerability, such as code execution, denial of service, buffer overflow, or privilege escalation.
• Instructions to reproduce the vulnerability.
• Proof-of-concept or exploit code, when available.
• Potential impact, including how an attacker could exploit the vulnerability.

NVIDIA currently has a closed bug bounty program, but continues to acknowledge externally reported security issues resolved under its coordinated vulnerability disclosure policy. See the NVIDIA PSIRT policies page for details.

For all security-related concerns, visit the NVIDIA Product Security portal.