definitive-opensource/.github/SECURITY.md

Security Policy

The inherent nature of this project has no security vulnerabilities, but this isn't the case for the hundreds of projects we feature here. Raise an issue if a project had/is having a security incident, and it will be labeled with the appropriate tag.

🟡 🟠 🔴 ⭕ - Security incident (Minor, Moderate, Major, Critical)

🟡 - Low impact issues that do not significantly compromise security

• Weak encryption
• Oudated dependencies with low-severity CVEs.
• Minor security concerns raised but not actively exploited

🟠 - Issues that pose a potential risk but not actively exploited

• Outdated dependencies with moderate-severity CVEs

🔴 - High impact issues that are being actively exploited, resulting in a significant security breach

• Outdated dependencies with major security risks
• Leaked API keys

⭕ - Catastrophic issues with widespread impact

• Zero-day exploits
• Full system compromise
• Mass data breach