The github-docs-cookiecutter project is built with security and data privacy in mind to ensure your data is safe.
We are grateful to security researchers and users who report vulnerabilities to us first. To ensure that your request is handled in a timely manner and that non-disclosure of vulnerabilities can be assured, please follow the guidelines below.
Please do not report security vulnerabilities directly on GitHub. GitHub Issues can be publicly seen and therefore would result in a direct disclosure.
To report a vulnerability, please send an email directly to jcook3701's email address.
To help us verify and resolve issues efficiently, please ensure your security vulnerability report includes the following:
- Vulnerability Type and the specific component or URL affected.
- Detailed Steps to Reproduce the issue, including any specific configurations needed.
- Proof of Concept (PoC) such as HTTP requests, scripts, or screen recordings.
- Impact Assessment describing what a successful exploit would allow an attacker to do.
- Reproduction Environment details, including the browser, OS, or software version used.
- Suggested Mitigation or fix, if you have identified one.
All reports are handled with strict confidentiality. We ask that you follow responsible disclosure by giving us reasonable time to investigate and fix the issue before sharing any details publicly.
We are committed to reviewing and responding to your request in a timely manner. The resolution of code defects will be handled by a dedicated group of security experts and prepared in a private GitHub repository. The project will inform the public about resolved security vulnerabilities via GitHub Security Advisories.