We take the security of our software seriously. If you believe you have found a security vulnerability in any Broken Hands repository, please report it to us responsibly using one of the methods below.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, use either of the following:
- Email: security@brokenhands.io
- GitHub private vulnerability reporting: Use the Report a vulnerability button on the repository's Security tab.
Please include as much detail as you can to help us understand and reproduce the issue, such as:
- The affected repository and version
- A description of the vulnerability and its potential impact
- Steps to reproduce, including any proof-of-concept code
- Any suggested mitigations, if known
- We will acknowledge your report within one week.
- We aim to provide a fix within 30 days of acknowledgement, unless otherwise agreed with you.
- We will keep you informed of our progress and will let you know when the issue has been resolved.
We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contribution.