If you believe you have found a security vulnerability in a NeuML project, please send a message to [email protected].
In your message, please include:
- Reproducible steps to trigger the vulnerability.
- An explanation of what makes you think there is a direct vulnerability specifically with the project.
- Confirmation that this is indeed relevant to the specific project and not an upstream library/framework vulnerability.
- Any additional relevant information you may have.

We'll review your report promptly and perform an analysis to confirm that it's indeed a vulnerability.
We won't disclose any information you share with us, but we'll use it to get the issue fixed.
If we feel the issue is really a vulnerability in an upstream library/framework dependency, we'll decline the report and direct you to the relevant project.
Our goal is to disclose relevant bugs as soon as possible once a user mitigation is available.