e-bel / ebel

Software package for parsing and validating Biological Expression Language files as well as constructing and enriching knowledge graphs in the OrientDB environment.
MIT License

Responsible & Private vulnerability disclosure #9

Closed Sim4n6 closed 1 year ago

Sim4n6 commented 1 year ago

Hi,

I may have identified a low-severity vulnerability in the e-bel/ebel codebase. Please consider enabling GitHub private vulnerability reporting so the process can go smoothly...

https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Thank you in advance

brucetony commented 1 year ago

CodeQL has been implemented, thank you for bringing this to our attention

Sim4n6 commented 1 year ago

I was more expecting that you would enable the private reporting feature so that I could submit a vulnerability report...