
Security: beginnerprivacy/beginnerprivacy.github.io

SECURITY.md

Reporting Security Issues

The Beginner Privacy team takes security vulnerabilities very seriously and appreciates your responsible disclosure efforts. We will make every effort to acknowledge your contributions and handle them promptly.

To report a security issue, please use one of the following methods:

Please DO NOT use public channels (e.g., GitHub Issues, SimpleX chat) for reporting security vulnerabilities.

If you discover vulnerabilities in third-party modules used by Beginner Privacy, please report them to the maintainers of the respective modules. If the vulnerability impacts Beginner Privacy directly, we encourage you to notify us using the above methods.

Example Security Vulnerabilities

When reporting, please ensure the issue falls under what can be considered a genuine security vulnerability for Beginner Privacy. Some examples include:

  • Cross-Site Scripting (XSS)
  • Sensitive Data Exposure
  • Malicious File Uploads

Counter Examples

The following issues are not considered security vulnerabilities:

  • Crashes or misbehavior resulting from normal use (report this as a normal issue).
  • Vulnerabilities found in third-party modules (should be reported to the module’s maintainers).
  • Denial of Service (DoS)

CVE Reporting Policy

Please DO NOT submit a report to a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) before confirming the security vulnerability with the Beginner Privacy team. If we do not respond to your report within 30 days, this restriction no longer applies.
