Skip to content

Security: qingyan01/nebula

Security

.github/Security.md

Vulnerability Assessment Reporting: Beginner's Guide

NebulaGraph is dedicated to offering stable and secure data services. We recognize the importance of community contributions to our security posture and invite you to report any vulnerabilities you may discover.

Should you identify a potential security vulnerability within NebulaGraph or encounter a security incident, we urge you to get in touch with our team.

For efficient communication, please send your findings to (security@vesoft.com) with the following details:

  • Vulnerability name (*): Provide a clear, concise title. Include a CVE identifier if available.
  • Description of the security issue (*): Elaborate on the security concern.
  • Impacted Components (*): Specify affected modules and their version numbers.
  • Reproduction Steps (*): Detail the process to verify the vulnerability.
  • Suggested Remediation: Offer potential solutions if possible.
  • Contact information (*):
    • Name
    • Email
    • Organization
    • Consent for Identity Disclosure

Fields marked with an asterisk (*) are mandatory.

Response Protocol

The NebulaGraph security team pledges to acknowledge receipt of your report via email within one working day.

Post-resolution, we will promptly notify you and extend our gratitude for your invaluable assistance in enhancing NebulaGraph's security.

Disclosure of the vulnerability will be withheld until an official patch is released. We appreciate your discretion and cooperation.

We thank you for your attention to these guidelines and look forward to your participation in securing NebulaGraph.

There aren’t any published security advisories