MONAI takes security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue, please report it as soon as possible.

To report a security issue:

• please use the GitHub Security Advisories tab to "Open a draft security advisory".
• Include a detailed description of the issue, steps to reproduce, potential impact, and any possible mitigations.
• If applicable, please also attach proof-of-concept code or screenshots.
• We aim to acknowledge your report within 72 hours and provide a status update as we investigate.
• Please do not create public issues for security-related reports.

• We follow a coordinated disclosure approach.
• We will not publicly disclose vulnerabilities until a fix has been developed and released.
• Credit will be given to researchers who responsibly disclose vulnerabilities, if requested.

We greatly appreciate contributions from the security community and strive to recognize all researchers who help keep MONAI safe.