GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as cli.

If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways:

• Report it to this repository directly using private vulnerability reporting. Such reports are not eligible for a bounty reward.

• Submit the report through HackerOne to be eligible for a bounty reward.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Thanks for helping make GitHub safe for everyone.