If you believe you have found a security vulnerability in any repository within this organization, please report it responsibly.
- Preferred: Email the security team at [email protected]
- Alternative: Open a security advisory (private) if enabled in the target repository
Please include:
- A clear description of the issue and potential impact
- Steps to reproduce (POC if possible)
- Affected repository and commit/versions
- Any suggested mitigation or fix ideas
We aim to acknowledge reports within 3 business days and provide a timeline for remediation where applicable.
This policy applies to all repositories under this organization unless the repository specifies its own security policy.
We will not pursue legal action for good-faith, non-destructive research that follows this policy and respects privacy and data protection.
If you require encryption, please request our PGP key in your initial email and we will respond with details.
Notes for maintainers: Replace [email protected] with your org’s actual security contact or process, and update response timelines as appropriate.