Do not open a public GitHub issue for security vulnerabilities.
Instead, report them privately:
- Go to Security → Advisories → Report a vulnerability on this repository, or
- Email the team lead directly at
YOUR_EMAIL@YOUR_ORG
We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 14 days.
This policy covers code and configuration in this repository. Third-party dependencies are out of scope — report those to the relevant upstream project.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional but appreciated)