If you believe you have discovered a vulnerability in EspoCRM, please contact us via this or this forms. Or create a private vulnerability report on GitHub.

For severe vulnerabilities we provide fixes for 2 minor versions (the second number in the version string) back from the current stable version.