If you've found a vulnerability, we would like to know so we can fix it before it is released publicly. Do not open a GitHub issue for a found vulnerability.

Send details to [email protected] including:

• where the vulnerability can be observed
• a brief description of the vulnerability
• optionally the type of vulnerability
• non-destructive exploitation details We will do our best to reply as fast as possible.

This notice is inspired by Modrinth's Security Policy.