For vulnerabilities in the Source Engine, contact Valve on HackerOne.

For exploits that could cause damage to computers running the game (buffer overflow, RCE, DoS, etc.), or in websites related to the game, submit a ticket at https://reactivedrop.com/feedback or send an email to [email protected].

For gameplay exploits (ie. the kind speedrunners care about), feel free to report them as issues on this repository. Gameplay exploits that can be performed on an unmodified client (that is, no settings changed from defaults) that are not easy to perform by accident will likely not be fixed, but are still useful to know about in case they can result in a soft lock or are related to other bugs in the game.

To report a player for cheating, use the Steam report function. If you would like to report a method of cheating, please use https://reactivedrop.com/feedback.

For other security-related reports, use your best judgement on whether to report it publicly on this repository or privately through https://reactivedrop.com/feedback or [email protected].