PDFToolkit

Vulnerability disclosure

PDFToolkit welcomes responsible security reports that help protect uploaded documents and site visitors.

Please include the affected page, steps to reproduce, expected impact, and a safe proof of concept. Do not include private third-party documents.

Testing must avoid service disruption, social engineering, credential attacks, and attempts to access data that does not belong to you.

Security reports can be sent to support@pdftoolkit.top.

Vulnerability disclosure FAQ

Where do I send a security report?

Email support@pdftoolkit.top with a clear description, affected URL, reproduction steps, and impact.

Should I include sensitive files?

Avoid sending private documents. Use a minimal test file whenever possible.

What testing is not allowed?

Do not run denial-of-service testing, access other users' data, or upload harmful files to prove impact.