Vulnerability disclosure
PDFToolkit welcomes responsible security reports that help protect uploaded documents and site visitors.
Please include the affected page, steps to reproduce, expected impact, and a safe proof of concept. Do not include private third-party documents.
Testing must avoid service disruption, social engineering, credential attacks, and attempts to access data that does not belong to you.
Security reports can be sent to support@pdftoolkit.top.
Vulnerability disclosure FAQ
Where do I send a security report?
Email support@pdftoolkit.top with a clear description, affected URL, reproduction steps, and impact.
Should I include sensitive files?
Avoid sending private documents. Use a minimal test file whenever possible.
What testing is not allowed?
Do not run denial-of-service testing, access other users' data, or upload harmful files to prove impact.