UMS Bot Core is a Discord bot that handles user data (Discord IDs, usernames, tournament info). Security reports are welcome and appreciated.
- GitHub Security Advisory (preferred): Use GitHub's private security advisory feature if available.
- Email: Open an issue on GitHub: https://github.com/Comradecast/UMS/issues

Please include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Security issues we care about:
- Token/credential exposure
- Permission escalation
- Data exposure or leakage
- SQL injection or similar attacks
- Denial of service vectors
We will:
- Acknowledge receipt within 48 hours
- Investigate and respond within 7 days
- Credit reporters (unless they prefer anonymity)
This is a community-maintained, best-effort project. We do not guarantee formal SLAs or response times, but we take security seriously and will address issues as quickly as possible.