We strongly encourage you to report security vulnerabilities through GitHub's Private Vulnerability Reporting feature. This allows you to privately discuss the vulnerability with the maintainers without risking public exposure.
- Go to the Security tab of this repository.
- Click on "Report a vulnerability" to open a private advisory draft.
- Fill in the details of the vulnerability and submit the report.
Tip: While only a title and description are required, we strongly recommend following the structure of the GitHub Security Lab Report Template when writing your description. Providing detailed steps to reproduce (POC) helps us validate and fix the issue faster.
- Private Discussion: You will be automatically added as a collaborator on the draft security advisory, allowing us to discuss the details privately.
- Safe Collaboration: You can create a Temporary Private Fork directly from the advisory page to implement and test fixes without exposing the vulnerability.
- Credit: Once the advisory is published, you will be credited for your contribution (unless you choose otherwise).
The maintainers will be notified immediately and will work with you to address the issue. Please DO NOT open a public issue for security vulnerabilities.
Thank you for helping keep this project safe!