Private security disclosure route?
Hi maintainers,
I have a security-relevant report on antvis/mcp-server-chart (default Docker deployment configuration). Looking for a private disclosure channel before sharing details.
I checked:
- The repo doesn't have SECURITY.md at the root or under .github/.
- GitHub Private Vulnerability Reporting is disabled for the repo (per gh api /repos/antvis/mcp-server-chart/private-vulnerability-reporting).
- I tried pub_antv@antgroup.com (the email on the antvis GitHub Org profile), but it bounced with 554 RCPT dosn't exist.
Could a maintainer:
- Confirm a working private security email (e.g., security@antv.antgroup.com, an AntGroup security contact, or a direct maintainer email)?
- Or enable GitHub Private Vulnerability Reporting on this repo so I can file there?
Happy to coordinate on whichever channel works. The finding is Medium-severity (default deployment configuration), 90-day disclosure window from first contact.
Thanks,
Ryan Vonbrubeck (@dodge1218 / vonbrubeck@gmail.com)