If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report.
To report a security vulnerability, please provide the following information:
-
PUBLIC
- Indicate whether this vulnerability has already been publicly discussed or disclosed.
- If so, provide relevant links.
-
DESCRIPTION
- Provide a detailed description of the security vulnerability.
- Include as much information as possible to help us understand and address the issue.
Report this, along with any additional relevant details in GitHub Advisory.
We kindly ask you to keep the report confidential until a public announcement is made.
- Vulnerabilities will be handled on a best-effort basis.
- You will be notified, via your GitHub Advisory report, about eventual patches.
- We will respond within a few weeks to confirm whether your report has been accepted or rejected.
Thank you for helping to improve the security of Starship!