Security: lopes/lopes.id

.github/SECURITY.md

Security Policy

This is a personal website. There is no software product to patch, but the site itself can have security issues worth reporting.

What to report

  • Exposed secrets or credentials in the repository or site
  • Vulnerable third-party dependencies (Python packages, GitHub Actions)
  • Content injection or XSS in the rendered site
  • Misconfigured headers, CSP, or access controls

How to report

Use GitHub's private vulnerability reporting for anything sensitive. For non-sensitive issues (broken links, public misconfigurations), open a regular issue.

I'll review reports as time allows. This is a personal project — no SLA, no bug bounty.

There aren't any published security advisories