docs: add security report issue template #287
Conversation
Introduced a structured security report template to help users report vulnerabilities in a consistent and actionable format.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| If possible, please provide steps to reproduce the issue (without sharing sensitive information publicly). | ||
|
|
||
| **Additional Information** | ||
| Any other information that might be helpful for investigation. |
There was a problem hiding this comment.
Security reports via public issues enables vulnerability disclosure
Medium Severity
This template directs users to report security vulnerabilities through public GitHub issues. Security vulnerabilities should be reported privately to prevent attackers from exploiting them before fixes are available. The template even acknowledges the public nature by asking users not to share sensitive information publicly, but the fundamental issue remains that any reported vulnerability becomes immediately visible. Consider using GitHub's private vulnerability reporting feature or directing users to a SECURITY.md file with private contact information instead.
1 participant
Introduced a structured security report template to help users report vulnerabilities in a consistent and actionable format.
Note
Low Risk
Adds a GitHub issue template only; no runtime code or security-sensitive logic changes. Risk is limited to minor workflow/triage impact.
Overview
Adds a new GitHub issue template
security_report.mdto standardize how users report vulnerabilities (detail, impact, repro steps, additional info) and auto-apply thesecuritylabel with a[SECURITY]title prefix.Written by Cursor Bugbot for commit 9a71d06. This will update automatically on new commits. Configure here.