Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time

Security Policy

Supported Versions

The following versions are currently being supported with security updates.

Version Supported
4.x ✔️
3.x ✔️
< 1.0

Reporting a Vulnerability

If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to

When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.

Please do not report findings from npm audit. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by npm audit are misleading and do not present a tangible/exploitable security risk for Gatsby users.