Thank you for helping keep 45-Days-Python-Development-Challenge safe for learners and contributors. This repository contains learning materials, Python scripts, and small projects; security issues usually involve malicious code, dependency risks, or leaked secrets.
Please follow responsible disclosure. Do not open a public GitHub issue for security reports.
- Use GitHub Security Advisories (private reporting): go to the repo → Security → Report a vulnerability
- Email the maintainer privately at abhisek2004panda@gmail.com
- What you found and why it’s a security risk
- Exact file path(s) / folder(s) affected
- Steps to reproduce (safe PoC if possible)
- Suggested fix or mitigation (optional)
- Whether any secrets/credentials were exposed
- Initial response: typically within 48–72 hours
- Fix timeline depends on severity and complexity (critical issues prioritized)
| Version / Branch | Status | Notes |
|---|---|---|
| main | Supported | Security fixes are applied here |
| Feature branches / forks | Not supported | Please reproduce against main |
If you are using a fork, keep it synced with main to receive security updates.
- Accidental secrets committed to the repo (API keys, tokens, credentials)
- Malicious code (backdoors, credential stealers, obfuscated payloads)
- Unsafe patterns in runnable examples (e.g., `eval` on untrusted input, insecure deserialization) when presented as recommended practice
- Supply-chain issues in project dependencies (if this repo introduces them)
- GitHub Actions / CI workflow vulnerabilities (if present)
- General code style or correctness issues without security impact
- Vulnerabilities in third-party services not controlled by this repo
- Issues in forks or downstream copies not maintained here
- Never commit real secrets to the repository.
- If you discover a secret in the repo history, report it privately (advisory/email) and avoid spreading it further (screenshots, logs, re-posting the value).
- Maintainers may rotate/revoke secrets and rewrite history if needed.
If you report a valid vulnerability, we may:
- Confirm and triage severity
- Prepare a fix on main
- Publish an advisory / release note (when appropriate)
- Credit the reporter (optional, only with permission)
- Email: abhisek2004panda@gmail.com
- Repository: https://github.com/abhisek2004/45-Days-Python-Development-Challenge