To report security issues in LLVM, please follow the steps outlined on the LLVM Security Group page.

Many of LLVM's tools are explicitly not considered to be hardened against malicious input. Bugs in LLVM tools like buffer overreads or crashes are valuable to report as Issues, but aren't always seen as security vulnerabilities. Please see our documentation for a more precise definition of a security issue in this repository.