We encourage responsible disclosure practices for security vulnerabilities.
If you believe you've found a security-related bug, fill out a new vulnerability report via GitHub directly. To do so follow these instructions:
- Click on the
Security
tab in the project repository. - Click the green
Report a vulnerability
button at the top right corner. - Fill in the form as accurately as you can, including as many details as possible.
- Click the green
Submit report
button at the bottom.
Alternatively, drop an email to our ?subject=[Security issue report] [PROJECT_NAME] SHORT TITLE...&body=I am writing to inform you that PROJECT_NAME has a pottential vulnerability and here are extremely detailed steps of how to exploit this dangerous behavior: 1. 2. 3. ">aio-libs security mailbox instead of filing a ticket or posting to any public groups. It is currently set up to forward every incoming letter to ?subject=[Security issue report] [PROJECT_NAME] SHORT TITLE...&body=I am writing to inform you that PROJECT_NAME has a pottential vulnerability and here are extremely detailed steps of how to exploit this dangerous behavior: 1. 2. 3. ">Andrew Svetlov, ?subject=[Security issue report] [PROJECT_NAME] SHORT TITLE...&body=I am writing to inform you that PROJECT_NAME has a pottential vulnerability and here are extremely detailed steps of how to exploit this dangerous behavior: 1. 2. 3. ">Sam Bull and ?subject=[Security issue report] [PROJECT_NAME] SHORT TITLE...&body=I am writing to inform you that PROJECT_NAME has a pottential vulnerability and here are extremely detailed steps of how to exploit this dangerous behavior: 1. 2. 3. ">Sviatoslav Sydorenko. You can choose to email us directly as well. We will try to assess the problem in timely manner and disclose it in a responsible way.