Hello,
Does Strapi has a bug bounty program? Where should security bugs and vulnerabilities be reported? What are the available communication channels for security related topics?
We do not have a bug bounty program.
For security related bugs, see our security policy: Security Policy · strapi/strapi · GitHub