Security: desktop/desktop
Security
SECURITY.md
GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as GitHub.
If you believe you have found a security vulnerability in this GitHub-owned open source repository, you can report it to us in one of two ways.
If the vulnerability you have found is not in scope for the GitHub Bug Bounty Program or if you do not wish to be considered for a bounty reward, please report the issue to us directly using private vulnerability reporting.
If the vulnerability you have found is in scope for the GitHub Bug Bounty Program and you would like for your finding to be considered for a bounty reward, please submit the vulnerability to us through HackerOne in order to be eligible to receive a bounty award.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Thanks for helping make GitHub safe for everyone.
- Maliciously crafted file renames can lead to information disclosure. GHSA-f234-7hj3-vr8j, published May 21, 2025 by niik. Severity: Low
- Maliciously crafted remote URLs could lead to credential leak. GHSA-36mm-rh9q-cpqq, published Jan 15, 2025 by niik. Severity: Moderate
- Credentials transmitted to wrong hosts in repositories with submodules on different hosts than the parent repository. GHSA-2g23-3f32-64gr, published May 23, 2024 by niik. Severity: High