GitHub has a feature that allows creating a draft security advisory to privately discuss and fix a security vulnerability, similar to how issue templates work.
For example, Next.js has this feature enabled:
I believe this would improve the process of reporting potential vulnerabilities in Express and its packages.
GitHub has a feature that allows creating a draft security advisory to privately discuss and fix a security vulnerability, similar to how issue templates work.
For example, Next.js has this feature enabled:
I believe this would improve the process of reporting potential vulnerabilities in Express and its packages.
ref: