# Reporting Security Issues

If you discover a security issue in Pawkey, please report it by sending an
email to [leafus@pawkey.dev](mailto:leafus@pawkey.dev).

This will allow us to assess the risk, and make a fix available before we add a
bug report to the GitLab repository.

Thanks for helping make Pawkey safe for everyone.

> [!note]
> CNA [requires](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_5-2_Description) that CVEs include a description in English for inclusion in the CVE Catalog.
> 
> When creating a security advisory, all content must be written in English (it is acceptable to include a non-English description along with the English one).

## When create a patch

If you can also create a patch to fix the vulnerability, please create a PR on the private fork.

> [!note]
> There is a GitHub bug that prevents merging if a PR not following the develop branch of upstream, so please keep follow the develop branch.