Note: If you are using GitHub Security Advisories, the CVE ID and date will be included in the header. For channels other than GitHub Security Advisories, including mailing list announcements, begin your public disclosure notice with the following: Security advisory for $CVEID
A brief (as short as possible, about a paragraph) summary of the vulnerability using technical details. The goal of this is to allow the vendor to do a quick assessment of what the bug is about.
[Low, Medium, HIGH, CRITICAL] - Accompany your assessment with a motivation, and even a good attack scenario to explain the risk associated with the vulnerability. Including CVSS scoring is optional, but if you include the score, also include the vector phrase.
CODE or Command Lines. We want to offer a concrete, usable, and repeatable way for the vendor to reproduce the issue you are raising so they can test fixes and mitigations.
Known remediations. If one is a software update, note the version(s) that fix it.
If you wish to add more context or information, we recommend adding it after the critical sections mentioned here. If you know the vulnerability has been exploited in the wild, add that here.
Date reported:
Date fixed:
Date disclosed:
(Optional - communication and updates summary)