This is the security notice for all Python Discord repositories. The notice explains how vulnerabilities should be reported.
Reporting a Vulnerability
If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. Do not open a GitHub issue for a found vulnerability.
Send details to [email protected] or through a Discord direct message to an Admin of Python Discord, including:
- the website, page or repository where the vulnerability can be observed
- a brief description of the vulnerability
- optionally the type of vulnerability and any related OWASP category
- non-destructive exploitation details
We will do our best to reply as fast as possible.
The following vulnerabilities are not in scope:
- volumetric vulnerabilities, for example overwhelming a service with a high volume of requests
- reports indicating that our services do not fully align with “best practice”, for example missing security headers
If you aren't sure, you can still reach out via email or direct message.
This notice is inspired by the GDS Security Notice.