If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. Do not open a GitHub issue for a found vulnerability.
Send details to [email protected] including:
- where the vulnerability can be observed
- a brief description of the vulnerability
- optionally the type of vulnerability
- non-destructive exploitation details We will do our best to reply as fast as possible.
This notice is inspired by Modrinth's Security Policy.