Thank you for helping keep Borda projects and their users safe! We take security seriously and appreciate responsible disclosure of any vulnerabilities.

Security updates are typically provided for the latest stable release of each project. Individual repositories may specify their own support policies if they differ from this default.

💡 Tip: Always use the latest version to benefit from security patches and improvements.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, report security vulnerabilities through one of these private channels:

1. GitHub Security Advisories (preferred) — Use the "Report a vulnerability" button on the repository's Security tab
2. Private/Direct contact — Email the project maintainer directly if their contact information is available

When reporting a vulnerability, please provide:

• Description — A clear explanation of the vulnerability
• Impact — What could an attacker potentially do?
• Steps to reproduce — Detailed steps to demonstrate the issue
• Affected versions — Which versions are impacted?
• Suggested fix — If you have one (optional but appreciated)

After you submit a report:

🙏 We appreciate your patience. Open source maintainers often work on projects in their spare time.

When using Borda projects, we recommend:

• Keep dependencies updated — Regularly update to the latest versions
• Review security advisories — Watch repositories for security announcements
• Follow least privilege — Use minimal permissions required
• Validate inputs — Always sanitize external data in your applications

We believe in recognizing security researchers who help improve our projects:

• Public acknowledgment in release notes and security advisories
• Addition to a project's SECURITY.md acknowledgments section (if applicable)
• Our sincere gratitude for helping keep users safe

• GitHub Security Advisories
• Responsible Disclosure Guidelines