uptime-kuma/.github/ISSUE_TEMPLATE/security_issue.yml
2026-01-09 00:25:03 +00:00

55 lines
2.9 KiB
YAML

---
name: 🛡️ Security Issue
description: |
  Notify Louis Lam about a security concern. Please do NOT include any sensitive details in this issue.
# title: "Security Issue"
labels: ["security"]
assignees: [louislam]
body:
  - type: markdown
    attributes:
      value: |
        ## ❗ IMPORTANT: DO NOT SHARE VULNERABILITY DETAILS HERE

        ## Please do not open issues for upstream dependency scan results.

        Automated security tools often report false-positive issues that are not exploitable in the context of Uptime Kuma.
        Reviewing these without concrete impact does not scale for us.
        If you can demonstrate that an upstream issue is actually exploitable in Uptime Kuma (e.g. with a PoC or reproducible steps), we're happy to take a look.

        ### ⚠️ Report a Security Vulnerability

        **If you have discovered a security vulnerability, please report it securely using the GitHub Security Advisory.**

        **Note**: This issue is only for notifying the maintainers of the repository, as the GitHub Security Advisory does not automatically send notifications.

        - **Confidentiality**: The information you provide in the GitHub Security Advisory will initially remain confidential. However, once the vulnerability is addressed, the advisory will be publicly disclosed on GitHub.
        - **Access and Visibility**: Until the advisory is published, it will only be visible to the maintainers of the repository and invited collaborators.
        - **Credit**: You will be automatically credited as a contributor for identifying and reporting the vulnerability. Your contribution will be reflected in the MITRE Credit System.
        - **Important Reminder**: **Do not include any sensitive or detailed vulnerability information in this issue.** This issue is only for sharing the advisory URL to notify the maintainers of the repository, not for discussing the vulnerability itself.

        **Thank you for helping us keep Uptime Kuma secure!**

        ## **Step 1: Submit a GitHub Security Advisory**

        Right-click the link below and select `Open link in new tab` to access the page.
        This will keep the security issue open, allowing you to easily return and paste the Advisory URL here later.

        ➡️ [Create a New Security Advisory](https://github.com/louislam/uptime-kuma/security/advisories/new)

        ## **Step 2: Share the Advisory URL**

        Once you've created your advisory, please share the URL below.
        This will notify Louis Lam and enable them to take the appropriate action.
  - type: textarea
    id: github-advisory-url
    validations:
      required: true
    attributes:
      label: GitHub Advisory URL for @louislam
      placeholder: |
        Please paste the GitHub Advisory URL here. Only the URL is required.
        Example: https://github.com/louislam/uptime-kuma/security/advisories/GHSA-8h5r-7t6l-q3kz