The table below indicates which versions of astropy are currently being supported with security updates.

GitHub private security vulnerability reporting should be enabled for astropy. But if that does not work for whatever reason, please report to the @astropy/security-team that is also listed on the Astropy Team listing.

We will respond as soon as we are able. If vulnerability is accepted, we will work on a hotfix. The timing depends on the available resources and the severity/risk of the vulnerability. If a vulnerability is declined, we will take no further action as far as code is concerned. Either way, we will communicate back to you.

Thank you for your help!