Deranged Senators Security Policy

At DerangedSenators, we take the security of our products and services seriously and this applies to all of our public and private GitHub repositories.

If you believe that you may have uncovered a vulnerability in any of our repositories, please report it directly to us.

Supported Versions

See the file within the repository for a list of supported versions

Reporting a Vulnerability

Please do not report vulnerabilities through the public Issue/Discussion pages

Instead, please contact us directly here

Please include, in a zip file the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly. Additionally, please encrypt the zip file using our PGP key; this can be downloaded from our PGP Key Page

Submitting Patches for the Vulnerability

We would appreciate patches submitted with the vulnerability report as it would help us to push a fix sooner. If you have a patch prepared, let us know in your vulnerability report, and we will be in touch


DerangedSenators follows the principle of Coordinated Vulnerability Disclosure (CVD)