This organization is early-stage. Security support applies to the default branch of each active public repository unless that repository documents a different support policy.
Please do not report vulnerabilities in public issues with exploit details.
Preferred reporting path:
- Use GitHub's private vulnerability reporting or security advisory flow on the affected repository, when available.
- If private reporting is not available, open a minimal public issue asking for a private maintainer contact path. Do not include sensitive details, proof-of-concept exploit code, credentials, or private data in that public issue.
Include:
- affected repository and version or commit;
- impact and attack scenario;
- reproduction steps or proof of concept, if safe to share privately;
- any known mitigations.
Maintainers will acknowledge valid reports as quickly as practical and coordinate disclosure based on severity, exploitability, and available fixes.