Public repositories under this account are maintained on a best-effort basis. Security fixes are prioritized for active projects and reusable templates.
Please do not open a public issue for vulnerabilities, leaked credentials, database URIs, private keys, or exploitable bugs.
Preferred reporting path:
- Use GitHub private vulnerability reporting on the affected repository if it is enabled.
- If private reporting is not available, contact the maintainer through a private channel listed on the profile.
Include affected repository/commit, vulnerability type, impact, reproduction steps, and whether credentials or private data may be exposed.
If you accidentally expose a secret:
- Revoke or rotate the secret immediately.
- Remove it from code and configuration.
- Treat git history as compromised unless the secret was never pushed.
- Prefer environment variables or GitHub Actions secrets for future use.
No bounty program is promised unless a repository explicitly says otherwise.