# 🔐 Reporting vulnerabilities and security issues

## Report a security issue

The project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [contact@boul2gom.com](mailto:contact@boul2gom.com). Security issues should not be reported via the public GitHub Issue tracker.

## Vulnerability coordination

Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [GitHub Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of yt-dlp, and maintainers of upstream dependencies if applicable.

Downstream project maintainers and users can request participation in coordination of applicable security issues by sending your contact email address, GitHub username(s) and any other salient information to [contact@boul2gom.com](mailto:contact@boul2gom.com). Participation in security issue coordination processes is at the discretion of boul2gom, the project team, and the security issue reporter.

## Security advisories

The project team is committed to transparency in the security issue disclosure process. The team announces security issues via README.md and the [RustSec advisory database](https://github.com/RustSec/advisory-db) (i.e. `cargo-audit`).