The EvalScope team and community take all security bugs in EvalScope seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. Please do not report security vulnerabilities through public GitHub issues. You should receive a response within 48 hours. If for some reason you do not, please follow up to ensure we received your original message. When reporting a vulnerability, please include the following information to help us better understand the issue:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any known mitigations or workarounds