# Security Policy

## Reporting a Vulnerability

If you have any reason to believe that there are security vulnerabilities across any repository in the organisation,
please report to **[core@catppuccin.com](mailto:core@catppuccin.com)**.

We will respond within **2 - 3 business days.**
If the report is confirmed to be true, we will make the necessary changes required to fix the issue.
We will deploy a patch as soon as possible depending on the type of port and complexity of the issue.