Security Reporting

Here at shopware AG we are committed to provide secure products and services to our customers, and welcome reports from independent researchers, industry organizations, and other sources concerned with security. shopware AG defines a security vulnerability as an unintended weakness in a product that could allow an attacker to compromise the integrity, availability, or confidentiality of a product of service.

If you have discovered a potential security vulnerability with any of Shopware's systems, products and/or services, we are looking forward to receiving your report through by using the submission form below. Our dedicated team will investigate your report and contact you as soon as possible.

The potential vulnerability is evaluated and categorized into a severity level. Depending on the priority of the severity level of the found vulnerability, a corresponding reward is possible, about which you will be informed afterwards. To ensure a smooth communication and possible transaction, we need your contact information. Please fill out the form completely and truthfully so that we can process your request as soon as possible.

We appreciate your help in disclosing the issue to us responsibly.

Policy

Information about Shopware's Security Vulnerability Disclosure and Bug Bounty Program.

At Shopware, we are committed to provide secure products and services to our customers. If you have discovered a potential security vulnerability in any of Shopware's systems, products and/or services, we welcome your submission and appreciate you responsibly sharing the issue with us.

This program is intended for suspected security issues that may affect Shopware's customers, systems, products and/or services. If you are experiencing issues related to your Shopware product or a Shopware account, please contact our support team.

Shopware is looking forward to working with the security community to find security vulnerabilities to keep our business and customers safe.

Reports

Please submit a detailed description of the issue and the steps required to reproduce the issue you observed. In doing so, please try to protect the privacy, confidentiality, and integrity of our customers data - we greatly appreciate your help in protecting these rights.

Please understand that we cannot work with anyone who violates applicable laws or regulations, attempts to exploit a security issue, or accesses other users\' data.

Disclosure Policy

We ask the security research community to give us a reasonable opportunity to fix a vulnerability before we disclose it publicly. Please provide us with a detailed description of the issue and the steps required to reproduce the issue you observed. In doing so, please do everything you can to protect the privacy, confidentiality, and integrity of our customers data - we greatly appreciate your help in preserving these rights. Please understand that we cannot work with anyone who violates applicable laws or regulations, attempts to exploit a security issue, or accesses other users data.

Protecting the privacy, confidentiality and integrity of our customers data is of critical importance to Shopware. You agree not to disclose any security vulnerabilities reported to Shopware to any third party until you have received permission from Shopware to do so. We will endeavor to provide such permission within two to four weeks of the release of the fix that addresses the discovered vulnerability.

Duplicates

In case of different attack vectors resulting in the same mitigation, Shopware reserves the right to reward the first message validated for this mitigation. All subsequent messages affected by this mitigation will be considered duplicates, regardless of the attack vector.