All security vulnerabilities can be reported to [[mailto:security@trustedfirmware.org]]. Alternatively, there are project specific aliases that can be used-
**Trusted-Firmware-A**
[[mailto:tf-a-security@lists.trustedfirmware.org]]
**Trusted-Firmware-M**
[[mailto:tf-m-security@lists.trustedfirmware.org]]
**Mbed TLS**
[[mailto:mbed-tls-security@lists.trustedfirmware.org]]
**Hafnium**
[[mailto:hafnium-security@lists.trustedfirmware.org]]