We take the security of Pullminder seriously. If you discover a security vulnerability, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email us at security@pullminder.com with:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (optional)

Response timeline:
- Acknowledgment: Within 48 hours of receiving your report
- Initial Assessment: Within 5 business days
- Resolution: We aim to resolve critical vulnerabilities within 30 days
We provide security updates for the latest release of each package.
| Package | Supported |
|---|---|
| CLI (latest) | Yes |
| GitHub Action (v1) | Yes |
The following are in scope for security reports:
- Pullminder CLI
- Pullminder GitHub Action
- Pullminder web application (pullminder.com / app.pullminder.com)
- Pullminder API
We appreciate security researchers who help keep Pullminder safe. With your permission, we will acknowledge your contribution in our release notes.