Noir is not fully audited and is not recommended for use in production.
| Version | Supported |
|---|---|
| All versions | ❌ Not production ready |
Noir sets out to be a secure language for developing zero-knowledge proofs. We thank you for taking the time to responsibly disclose any vulnerabilities you find.
A bug is any unexpected behavior in the system; a vulnerability is a bug that can be abused for malicious purposes:
- If your bug is not necessarily abusable for malicious purposes, create a public bug report.
- If your bug is abusable, report it following the steps below.
Report all vulnerabilities using "Report a vulnerability". This creates a private GitHub security advisory that notifies, and is accessible to, a small security team who will scope out and execute the next steps in addressing the vulnerability. The security team may reach out to you on GitHub for additional details and guidance.
You may find GitHub's documentation on best practices for writing repository security advisories useful for filling out the reporting form.
Please DO NOT report vulnerabilities using public GitHub Issues. That would expose Noir projects to an undesirable risk of being exploited.