search

kizniche / Mycodo

An environmental monitoring and regulation system
http://kylegabriel.com/projects/
GNU General Public License v3.0
2.89k stars 486 forks source link

Enable Private Vulnerability Reporting in GitHub #1332

Closed ZuhairORZaki closed 9 months ago

ZuhairORZaki commented 10 months ago

In your repository, we have found a bug that may require your attention. We do not want to disclose the details. Therefore, we request you to enable private vulnerability reporting in your repository.

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.

The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.

kizniche commented 10 months ago

Thank you. I've enabled private vulnerability reporting.

kizniche commented 9 months ago

Published at https://github.com/kizniche/Mycodo/security/advisories/GHSA-jjhj-w3hx-5gqp