kube-bind uses GitHub to allow submission of private security reports. Please report any security finding via this link. Maintainers will triage your report as soon as possible and will contact you through the report if they have further questions.
As a security researcher, please report vulnerabilities to kube-bind in a coordinated vulnerability disclosure (CVD) fashion.
In return, maintainers pledge to engage in good faith and collaborate with security researchers to address and publish vulnerabilities found in kube-bind as soon as possible. We will not pursue or support legal action for good‑faith security research that adheres to this policy and avoids privacy violations, data exfiltration, or service disruption.
Please understand that the maintainers do not accept dependency scanner results without proof that the detected CVE or vulnerability can be used against kube-bind.
Advisories are managed through GitHub Security Advisories. Where applicable, we request CVE IDs via GitHub’s CNA during the advisory process and credit reporters upon release. Please visit Security Advisories to review security bulletins published by the maintainers.