Important
This document explains how to report security vulnerabilities in the Design Tokens Export & Deploy plugin or its backend API.
Report vulnerabilities through GitHub Private Vulnerability Reporting:
https://github.com/figma-css-variables/community/security/advisories
Do not open public issues for confirmed or suspected security vulnerabilities.
- Figma/Penpot plugin - the latest published version only
- Backend API - the latest deployed version only
Reports are reviewed and triaged as quickly as possible. You will receive acknowledgment when the report has been assessed.