# Drupal Security Policy

If you discover a security vulnerability in Drupal core or a contributed project
(module, theme, or distribution) keep it confidential and [report it to the Drupal security team](https://www.drupal.org/docs/develop/issues/issue-procedures-and-etiquette/reporting-a-security-issue).