We take the security of our Python Mini Projects seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly.
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by:
-
Using GitHub's Private Vulnerability Reporting:
- Go to the "Security" tab of this repository
- Click "Report a vulnerability"
- Fill in the details
-
Or email us directly:
- Email: anujck45@gmail.com
- Include "SECURITY" in the subject line
When reporting a vulnerability, please include:
- Description - Clear explanation of the vulnerability
- Impact - What could an attacker do with this vulnerability
- Steps to Reproduce - Detailed steps to reproduce the issue
- Proof of Concept - Code or screenshots demonstrating the issue
- Suggested Fix - If you have ideas on how to fix it (optional)
- Environment - Python version, OS, etc.
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity
- Critical: Within 7 days
- High: Within 14 days
- Medium: Within 30 days
- Low: Within 90 days
We believe in recognizing security researchers:
- 🏆 Contributors who report valid vulnerabilities will be credited (unless they prefer to remain anonymous)
- 🌟 Hall of Fame section in our README for security contributors
- 💖 Our sincere gratitude for helping keep the project secure
| Version | Supported |
|---|---|
| Latest | ✅ Yes |
| Older | ❌ Not supported |
We only provide security updates for the latest version of the projects.
While using these projects:
- ✅ Always use the latest version
- ✅ Review code before running unknown Python files
- ✅ Run projects in isolated environments when testing
- ✅ Keep your Python installation up to date
- ✅ Report any suspicious behavior
The following are generally considered out of scope:
- Issues in third-party libraries (report to the library maintainers)
- Social engineering attacks
- Physical attacks
- Denial of Service attacks on user's local machine
- Issues requiring physical access to a user's device
- Let us know as soon as possible upon discovery of a potential security issue
- Make a good faith effort to avoid privacy violations and service disruptions
- Do not exploit vulnerabilities for personal gain
- Give us reasonable time to address the issue before public disclosure
Thank you for helping keep Python Mini Projects and our users safe!
This repository has the following security features enabled:
- ✅ Dependabot Alerts - Automated dependency vulnerability scanning
- ✅ Code Scanning - Automated code security analysis with CodeQL
- ✅ Private Vulnerability Reporting - Secure way to report vulnerabilities
- ✅ Security Policy - Clear guidelines for reporting issues
Security is everyone's responsibility. Thank you for helping us stay secure! 🛡️