Security Notice <p> This is the security notice for all Modrinth repositories.
The notice explains how vulnerabilities should be reported.
</p> Reporting a Vulnerability <p> If you've found a vulnerability, we would like to know so we can fix it before it is released publicly.
<strong>Do not open a GitHub issue for a found vulnerability</strong>.
</p>
<p> Send details to jai@modrinth.com including: </p>
<ul>
<li> the website, page or repository where the vulnerability can be observed </li>
<li>a brief description of the vulnerability</li>
<li> optionally the type of vulnerability and any related OWASP category </li>
<li>non-destructive exploitation details</li>
</ul>
<p>We will do our best to reply as fast as possible.</p> Scope <p>The following vulnerabilities <strong>are not</strong> in scope:</p>
<ul>
<li> volumetric vulnerabilities, for example overwhelming a service with a high volume of requests </li>
<li> reports indicating that our services do not fully align with "best practice", for example missing security headers </li>
</ul>
<p> If you aren't sure, you can still reach out via email or direct message.
</p>
<p> This notice is inspired by the Python Discord Security Notice.
</p>
<p>
<em>Version 2022-11</em>
</p>