# Security Reporting

If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report.

## Reporting

To report a security vulnerability, please provide the following information:

1. **PUBLIC**
   - Indicate whether this vulnerability has already been publicly discussed or disclosed.
   - If so, provide relevant links.

2. **DESCRIPTION**
   - Provide a detailed description of the security vulnerability.
   - Include as much information as possible to help us understand and address the issue.

Report this, along with any additional relevant details in [GitHub Advisory](https://github.com/starship/starship/security/advisories/new).

## Confidentiality

We kindly ask you to keep the report confidential until a public announcement is made.

## Notes

- Vulnerabilities will be handled on a best-effort basis.
- You will be notified, via your GitHub Advisory report, about eventual patches.
- We will respond within a few weeks to confirm whether your report has been accepted or rejected.

Thank you for helping to improve the security of Starship!