NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.
If you need to report a security issue, please use the appropriate contact points outlined below. Please do not report security vulnerabilities through GitHub/GitLab.
To report a potential security vulnerability in any NVIDIA product:
- Web: Security Vulnerability Submission Form
- E-Mail: psirt@nvidia.com
- We encourage you to use the following PGP key for secure email communication: NVIDIA public PGP Key for communication
- Please include the following information:
- Product/Driver name and version/branch that contains the vulnerability
- Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
- Instructions to reproduce the vulnerability
- Proof-of-concept or exploit code
- Potential impact of the vulnerability, including how an attacker could exploit the vulnerability
While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy. Please visit our Product Security Incident Response Team (PSIRT) policies page for more information.
For all security-related concerns, please visit NVIDIA's Product Security portal at https://www.nvidia.com/en-us/security