If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please send an email to angelh1@student.unimelb.edu.au.
When reporting issues, please provide as much of the following information as possible, in order to help us better understand and resolve the issue:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- A summary of the security vulnerability and impact (e.g. how an attacker might exploit the issue)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Component(s) affected
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
This information will help us understand the problem better, triage your report more quickly, and resolve the issue more accurately.
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability prior to any public exposure; this helps protect the website's users, and provides them with a chance to upgrade and/or update systematically.
Thank you for your cooperation!