Our team is trying to make sure that our code is secure. Nevertheless, we are very grateful for anyone who finds a security vulnerability and reports it to us.
Please do not report security vulnerabilities through Github directly. Because Github issues are public, this could result in directly disclosing the vulnerability.
Please send any request regarding a potential security vulnerability with all the information that could help to security@digitalservice.bund.de. You can use our public key to encrypt your mail. If possible please note the release version or the commit id of the main branch that you have investigated.