Reporting a vulnerability #22
Comments
This issue is now marked as stale because it hasn't seen activity for a while. Add a comment or it will be closed soon. If you wish to exclude this issue from being marked as stale, add the "backlog" label.
@igibek Hello! Thanks in advance!
@igibek the private vulnerability reporting has now been enabled. @shirk3ysiili I'm pretty sure that the vulnerability is one of the dependency vulnerabilities also found by Dependabot alerts (as often these kinds of issues are opened automatically by security research companies when they run security analysis tools that can be compared to Dependabot). Unfortunately I've missed those as Dependabot PRs haven't been enabled for some reason (they were previously, not sure what happened, maybe I've accidentally disabled those).
I'm closing this issue as the original issue (enabling private vuln reporting) is done and also the current vulns are now patched via #28.
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository