Welcome to our dedicated repository for responsible disclosure of security vulnerabilities. We are committed to ensuring the security of our applications, data, and users, and we appreciate the assistance of the security community in identifying potential vulnerabilities.
If you believe you’ve found a security vulnerability in one of our repositories or systems, please follow these steps:
- Navigate to this Repository’s Security Tab: Go to the main page of this repository, select the Security tab, and click Report a Vulnerability.
- Fill out the Form: Complete the GitHub advisory form with as much detail as possible (steps to reproduce, impact assessment, and any supporting details).
- Submit: Once submitted, GitHub will notify our security team, and we will begin reviewing your report.
For more information on GitHub’s private vulnerability reporting, see GitHub’s official documentation.
To help us investigate effectively, please provide:
- Description: A summary of the vulnerability and affected components.
- Steps to Reproduce: Step-by-step instructions on reproducing the issue.
- Impact Assessment: Your perspective on the potential impact of the vulnerability.
- Supporting Evidence: Screenshots, logs, or code snippets as appropriate.
We ask all security researchers to:
- Avoid Disrupting Production Systems: Conduct research without impacting production or accessing personal data.
- Respect Privacy: Refrain from accessing or modifying user data without authorization.
- Allow for Remediation Time: Give us a reasonable time to respond and remediate the issue before making any public disclosures.
In return, here is what you can expect from us:
- Acknowledgment: We will acknowledge receipt of your report within 3–5 business days.
- Collaboration: We may reach out for additional information or clarification.
- Resolution: We aim to address verified vulnerabilities as quickly as possible and will keep you updated throughout the process.
- Recognition: If you wish, we are happy to provide credit in our changelog or advisory.
We will not pursue legal action against researchers who:
- Act in good faith, following our responsible disclosure guidelines.
- Avoid causing harm or violating privacy during testing.
By contributing responsibly, you help us maintain a secure environment for our users, and we greatly appreciate your assistance.