I recently audited this project and found several security vulnerabilities. I would like to report them privately so they can be fixed before any public disclosure.
I noticed the repository currently lacks:
- A
SECURITY.md file
- A vulnerability disclosure policy
- Security-related issue templates or labels
Could you advise:
- Is there a preferred email or private channel where I can send the detailed vulnerability report?
- Would you prefer I use the GitHub Security Advisory feature instead?
- Would you consider adding a
SECURITY.md to guide future reporters?
Thank you!
I recently audited this project and found several security vulnerabilities. I would like to report them privately so they can be fixed before any public disclosure.
I noticed the repository currently lacks:
SECURITY.mdfileCould you advise:
SECURITY.mdto guide future reporters?Thank you!