From f656e14ef752cff1ea1eb15afa38a467edefc61d Mon Sep 17 00:00:00 2001
From: willchen96 <weiye.chen96@icloud.com>
Date: Sun, 17 May 2026 01:57:19 +0800
Subject: [PATCH] docs: add security reporting guidance

---
 CONTRIBUTING.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 04be6981a..5fbd2ed51 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,6 +20,12 @@ Thanks for helping improve Mike. Please keep contributions small, focused, and e
     - why
     - testing
 
+## Security
+
+Do not open a public issue for security vulnerabilities. Use [GitHub's private vulnerability reporting](https://github.com/willchen96/mike/security/advisories/new) instead.
+
+We will aim to respond promptly and coordinate a disclosure timeline with you.
+
 ## Local Development
 
 Backend: