Skip to content

Security Policy

When you think you've discovered a security issue, please contact us at

Your report should at least include the following:

  • Version and architecture
  • Vulnerability description
  • Reproduction steps

We will then try to reproduce it, determine the impact, and get back to you as soon as possible.

Please also report vulnerabilities in third-party applications.

Responsible Disclosure

  • Only test for vulnerabilities on your own PhotoPrism instance
  • Confirm the vulnerability applies to a supported version
  • Share vulnerability details with us first
  • Wait for a fix before publicly sharing details