Popcorn Time takes the security seriously.

If you believe you have found a security vulnerability in this repository, please report it responsibly.

• Use private vulnerability reporting on GitHub to submit directly.
• Alternatively, email us at hello@popcorntime.app.

• Vulnerabilities in this repository and related Popcorn Time open-source code.
• Popcorn Time apps and services operated under the official popcorntime.app domain.

For severe vulnerabilities we may offer rewards as a token of appreciation, depending on impact and severity. While we cannot guarantee payouts for all reports, critical findings will be prioritized.

• Do not publicly disclose vulnerabilities until we have confirmed and addressed the issue.
• We will work with you to verify the finding, assess severity, and publish a fix as quickly as possible.
• Credit will be given to reporters who wish to be acknowledged.

Thanks for helping make Popcorn Time safer for everyone.