Skip to content

Security: Jaco-Ren/mem0

Security

SECURITY.md

Security Policy

We take the security of Mem0 and our community seriously. Thank you for helping keep Mem0 and its users safe by disclosing vulnerabilities responsibly.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

If you believe you have found a security vulnerability in Mem0, please report it privately through one of the following channels:

  1. GitHub Private Vulnerability Reporting — open a private security advisory directly on this repository.

  2. Email the maintainers at support@mem0.ai with the subject line:

    SECURITY: Mem0 vulnerability report

To help us triage and resolve the issue quickly, please include as much of the following as you can:

  • Affected component or package (e.g. Python SDK, TypeScript SDK, server, OpenMemory)
  • Affected version, tag, or commit
  • Clear, step-by-step reproduction instructions
  • The security impact and a proof of concept, if available
  • Any suggested fix or mitigation

Response Process

  • We will acknowledge receipt of your report within 72 hours.
  • We will work with you privately to confirm the issue and assess its impact.
  • Once a fix or mitigation is ready, we will coordinate a disclosure timeline with you and credit you for the discovery, unless you prefer to remain anonymous.

Public Disclosure

Please avoid sharing technical details of the vulnerability publicly until the maintainers have reviewed the issue and a fix or mitigation has been released. We are committed to resolving valid reports promptly and keeping you informed throughout the process.

Supported Versions

We release security fixes against the latest published version of each package. Whenever possible, please reproduce the issue on the most recent release before reporting.

There aren't any published security advisories