Skip to main content
NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.
Do not report security vulnerabilities through GitHub.Please use the appropriate contact points outlined below.

Reporting a Security Vulnerability

To report a potential security vulnerability in any NVIDIA product:

Contact Methods

Web Form

Security Vulnerability Submission Form

Email

psirt@nvidia.comDownload NVIDIA PGP Key for secure communication

Information to Include

When reporting a security issue, please include the following information:
1

Product Information

Product/Driver name and version/branch that contains the vulnerability
2

Vulnerability Type

Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
3

Reproduction Steps

Instructions to reproduce the vulnerability
4

Proof of Concept

Proof-of-concept or exploit code (if available)
5

Impact Assessment

Potential impact of the vulnerability, including how an attacker could exploit it

Example Report Template

**Product/Version**: AlpaSim v2.3.26

**Vulnerability Type**: [e.g., Code Execution, DoS, Buffer Overflow]

**Description**: [Detailed description of the vulnerability]

**Reproduction Steps**:
1. [Step 1]
2. [Step 2]
3. [Step 3]

**Proof of Concept**:
[Code or detailed exploit steps]

**Impact**:
[Description of potential impact and exploitation methods]

**Suggested Fix** (optional):
[Your suggestions for addressing the vulnerability]

Secure Email Communication

We encourage you to use PGP encryption for secure email communication:

NVIDIA PGP Key

Download the NVIDIA public PGP Key for encrypted communication with PSIRT.

Coordinated Vulnerability Disclosure

While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy.
For more information, visit the Product Security Incident Response Team (PSIRT) policies page.

Response Process

You will receive an acknowledgement of your report within a reasonable timeframe.
Our security team will investigate the reported vulnerability and determine its severity and impact.
If the vulnerability is confirmed, we will work on a fix and coordinate the disclosure timeline with you.
You may be acknowledged in our security advisories if you choose (anonymous reports are also accepted).

NVIDIA Product Security

For all security-related concerns, please visit:

NVIDIA Security Portal

Visit the NVIDIA Product Security portal for security advisories, policies, and resources.

Security Best Practices

When using AlpaSim, consider the following security best practices:
  • Never commit sensitive credentials or API keys to the repository
  • Use environment variables for secrets (e.g., HF_TOKEN)
  • Keep dependencies up to date
  • Review security advisories regularly
  • Use secure communication channels for sensitive data

Next Steps

Contributing

Learn how to contribute securely

License

View license information

Build docs developers (and LLMs) love

Get started for freeTalk to us