Skip to content

Security: aio-libs/aiohttp

SECURITY.md

Reporting Vulnerabilities

⚠️ Please do not file public GitHub issues for security vulnerabilities as they are open for everyone to see! ⚠️

We encourage responsible disclosure practices for security vulnerabilities.

Reporting a Vulnerability

If you believe you've found a security-related bug, fill out a new vulnerability report via GitHub directly. To do so, follow these instructions:

  1. Click on the Security tab in the project repository.
  2. Click the green Report a vulnerability button at the top right corner.
  3. Fill in the form as accurately as you can, including as many details as possible.
  4. Click the green Submit report button at the bottom.

Don't have a GitHub account?

Alternatively, drop an email to our aio-libs security mailbox instead of filing a ticket or posting to any public groups. It is currently set up to forward every incoming letter to Andrew Svetlov, Sam Bull and Sviatoslav Sydorenko. You can choose to email us directly as well. We will try to assess the problem in timely manner and disclose it in a responsible way.

Learn more about advisories related to aio-libs/aiohttp in the GitHub Advisory Database