
SECURITY.md

Security Policy

If you find a security issue, please let us know through the following public and/or private communication channels. Use the method you believe fits the vulnerability best.

Public

  • GitHub issue/discussion
  • Galaxypedia Discord server

Private

What to supply us with

  • A description of the vulnerability
  • Estimated exposure
    • Is it something that might concern a user every now and then? Every visit? If they perform a certain action?
    • How long you believe the vulnerability has existed in the codebase
  • CVSS
    • Much like the above, it helps us get a bearing on the scale of the vulnerability
    • If the CVSS is high enough, we might be compelled to notify the userbase after fixing the vulnerability
  • Reproduction steps

We take security issues seriously regardless of CVSS or metrics, and try to give our full attention to every report.

Benefits

We're an open source project with donations being our primary source of funding. While we may not be able to support you financially, we believe in giving credit where credit is due. We'll make sure to give you full credit for identifying the vulnerability. We strive to show our appreciation in any way we can.

Thanks for helping make the Galaxypedia more secure.