Skip to content

Security: ESMAP-World-Bank-Group/gridflow

Security

SECURITY.md

Security Policy

We take the security of our projects seriously and appreciate responsible disclosure.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions — that would expose the issue to everyone before it can be fixed.

Instead, report it privately:

  • Preferred: use GitHub's "Report a vulnerability" button under the repository's Security tab (Security → Advisories). This opens a private channel with the maintainers.
  • If private reporting is not available on a given repository, contact the maintainers privately (for example via the contact listed in that repository's README) rather than opening a public issue.

When reporting, please include as much of the following as you can:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce, or a proof of concept.
  • The affected repository, version/commit, and environment.
  • Any suggested mitigation, if you have one.

What to Expect

  • We will acknowledge your report as soon as we reasonably can.
  • We will investigate, keep you informed of progress, and let you know once a fix is available.
  • We ask that you give us a reasonable opportunity to address the issue before any public disclosure.

Thank you for helping keep these projects and their users safe.

There aren't any published security advisories