I take the security of my software and services seriously, and that includes all my repositories.
If you believe you have found a security vulnerability in any of my repositories, please report it as described below.
Please do not report security vulnerabilities through public GitHub issues. Doing so is itself a security risk, as it could allow malicious users to exploit the vulnerability before it is fixed.
Instead, please open a Draft Security Advisory.
Please include the requested information listed below (as much as you can provide) to help me better understand the nature and scope of the vulnerability:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, credentials stored in code, etc.).
- Full paths of source file(s) related to the manifestation of the issue.
- The location of the affected source code (tag/branch/commit or direct URL).
- Any special configuration required to reproduce the issue.
- Step-by-step instructions to reproduce the issue.
- Proof-of-concept or exploit code (if possible).
- Impact of the issue, including how an attacker might exploit the issue.
This information will help me to understand your report more quickly.
I prefer all communications to be in English. This helps to ensure that vulnerabilities are understood and can be addressed quickly.