Skip to content

Security: how to privately report a vulnerability? #188

Description

Hi — I found a security issue (cross-tenant access control) in abby that I'd like to report privately, not in a public issue.

Your repo doesn't have a SECURITY.md and private vulnerability reporting (GitHub Security Advisories) doesn't appear to be enabled. Could you either enable private advisories, or share a security contact email so I can send the details responsibly?

Thanks.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions