Skip to content

Security: badges/shields

Security

SECURITY.md

Security Policy

Supported Projects

Please follow this guidance when reporting security issues affecting:

The gh-badges and svg-to-image-proxy NPM packages are now deprecated and will no longer receive fixes for bugs or security issues.

Reporting a Vulnerability

If you find a security vulnerability affecting any of our supported projects, please email security@shields.io, rather than opening a public issue on GitHub. After receiving the initial report, we will endeavor to keep you informed of the progress towards a fix and full announcement. We may ask you for additional information. You are also welcome to propose a patch or solution.

Report security bugs in third-party modules to the person or team maintaining the module.

Coordinated Disclosure

We aim to patch confirmed vulnerabilities within 90 days or less, disclosing the details of those vulnerabilities when a patch is published. We ask that you refrain from sharing your report with others while we work on our patch.

We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you without your permission.

Learn more about advisories related to badges/shields in the GitHub Advisory Database