Security: projectdiscovery/nuclei

SECURITY.md

Reporting Security Issues to ProjectDiscovery

At ProjectDiscovery, we prioritize the security of our software products and services, which includes maintaining the security of our open source code repositories hosted on GitHub.

If you discover a potential security vulnerability in any of the repositories owned by ProjectDiscovery, we kindly request that you report it to us through coordinated disclosure.

Please refrain from reporting security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, please reach out to us via email at security@projectdiscovery.io.

To assist us in understanding and resolving the issue effectively, please provide us with as much of the following information as possible:

  • The type of vulnerability identified (e.g., remote code execution, SQL injection, or cross-site scripting)
  • Full paths of the relevant source file(s) where the vulnerability is manifested
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any specific configuration required to reproduce the issue
  • Step-by-step instructions to replicate the issue
  • Proof-of-concept or exploit code (if feasible)
  • The potential impact of the vulnerability, including potential methods of exploitation by an attacker

Providing this information will facilitate the prompt triaging of your report.

Thank you for your contribution to ensuring the safety of ProjectDiscovery.
