GitHub takes the security of our software products and services seriously, including the open source code repositories managed through our GitHub organizations, such as [cli](https://github.com/cli).

If you believe you have found a security vulnerability in GitHub CLI, you can report it to us in one of two ways:

* Report it to this repository directly using [private vulnerability reporting][]. Such reports are not eligible for a bounty reward.

* Submit the report through [HackerOne][] to be eligible for a bounty reward.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**

Thanks for helping make GitHub safe for everyone.

  [private vulnerability reporting]: https://github.com/cli/cli/security/advisories
  [HackerOne]: https://hackerone.com/github