This repository is mostly documentation and contribution scaffolding, but security issues can still exist in examples, templates, links, or future automation.

• Exposed credentials, tokens, or secrets committed to the repository
• Malicious or misleading links in repository content
• Instructions or templates that could trigger destructive local or SaaS actions without clear warnings
• Vulnerabilities in repository automation, CI, site generation, or dependencies if those are added
• Contribution flows that could cause unsafe disclosure of private data

• Disagreement with editorial quality, ranking, or taxonomy choices
• Missing sources or weak claims in an entry
• Vulnerabilities in third-party servers or products that are only mentioned in the catalog, unless this repository directly exposes them

Use a normal issue or pull request for those cases.

• Prefer GitHub private vulnerability reporting or a GitHub Security Advisory if the repository has it enabled.
• If that is not available, contact a maintainer through a private contact method listed on their GitHub profile.
• Do not open a public issue for an active vulnerability until a maintainer confirms it is safe to disclose.

• A short description of the issue
• The affected file or path
• The impact or plausible risk
• Steps to reproduce or verify
• A suggested mitigation, if you already have one

• Maintainers aim to acknowledge reports within 7 days.
• They may ask for clarification or a minimal reproduction.
• After triage, maintainers will coordinate a fix and decide on disclosure timing.

Please avoid posting live secrets, exploit details, or sensitive internal information in public threads.