AboutCode.org and the nexB Inc. team take the security of our software products and services seriously.
We generally support the latest major version of our software. Please check the specific repository's README.md or release notes for detailed version support information.
If you find a security vulnerability in any of our projects, please report it to us as soon as possible.
Do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to security@aboutcode.org.
Please include as much information as possible in your report, including:
- The project and version affected.
- A description of the vulnerability.
- Steps to reproduce the issue (proof-of-concept code is helpful).
- The potential impact of the vulnerability.
We will acknowledge receipt of your report within 48 hours. We strive to fix valid critical vulnerabilities as quickly as possible and will keep you updated on our progress.
We encourage security researchers to follow responsible disclosure practices:
- Give us reasonable time to fix the issue before making it public.
- Do not exploit the vulnerability to access or manipulate user data.
- Respect the privacy of our users.
Thank you for helping keep the open source community secure!