Skip to content

Request Security tab #110

Description

@geonhomin

Hello,

I am currently studying the source code of this project with a focus on security.

While I have not identified any vulnerabilities yet, I noticed that this repository does not currently have Private Vulnerability Reporting enabled. Without this feature, security researchers often face a dilemma: posting a potential exploit in a public issue (which puts users at risk) or struggling to find the correct contact email.

I highly recommend enabling the "Private vulnerability reporting" feature provided by GitHub.
This feature allows researchers to report security issues directly to the maintainers within GitHub's UI, keeping the details private until a patch is ready. It creates a safe channel for collaboration without exposing the vulnerability to the public.

Setting this up beforehand would be very helpful for me (and other researchers) to responsibly report any findings in the future.

Thank you for your hard work on this project!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions