NVIDIA is dedicated to the security and trust of its software products and services, including all source code repositories managed through its organization.

If you need to report a security issue, use the appropriate contact points outlined below. Do not report security vulnerabilities through GitHub. If someone inadvertently reports a potential security issue through a public issue or pull request, NVIDIA maintainers may limit public discussion and redirect the reporter to the appropriate private disclosure channels.

To report a potential security vulnerability in any NVIDIA product:

• Web: Security Vulnerability Submission Form
• Email: psirt@nvidia.com
  • For secure email communication, use the following PGP key: NVIDIA public PGP Key for communication.
  • Include the following information:
    • Product/Driver name and version/branch that contains the vulnerability
    • Type of vulnerability (including code execution, denial of service, and buffer overflow)
    • Instructions to reproduce the vulnerability
    • Proof-of-concept or exploit code
    • Potential impact of the vulnerability, including how an attacker could exploit it

While NVIDIA does not currently have a bug bounty program, the team provides acknowledgment for externally reported security issues addressed under the coordinated vulnerability disclosure policy. Visit the Product Security Incident Response Team (PSIRT) policies page for more information.

For all security-related concerns, visit the NVIDIA Product Security portal.