Security fixes are applied on the default branch first and included in future releases.
Please do not open public issues for suspected vulnerabilities.
Preferred channel:
- Use GitHub Security Advisories for this repository:
https://github.com/darshan09/pricegrid/security/advisories/new
Alternative (if advisory creation is unavailable):
- Contact the maintainers privately using the contact details published in the repository profile.
Please include:
- vulnerability description
- impact assessment
- affected versions/commit ranges
- reproduction steps and proof-of-concept (if available)
- suggested remediation (optional)
- Initial acknowledgement target: within 72 hours.
- Triage/update target: within 7 days.
- We prefer coordinated disclosure after a fix is available.
- Dependency vulnerabilities are in scope if they are exploitable in this project.
- Reports that only contain automated scanner output without a viable exploit path may be deprioritized.