This repository publishes public-domain text data and static scaffolding; it runs no services and processes no user data. The main thing worth reporting is an integrity or supply-chain concern rather than a traditional software vulnerability.
Please report privately using GitHub's Report a vulnerability button (Security → Advisories), rather than opening a public issue.
Examples worth reporting privately:
- Signs the corpus or manifests have been tampered with, or a checksum/DOI mismatch against the Zenodo archive.
- Accidental exposure of credentials or non-public/maintainer material in the repository or its history.
- A security problem in the GitHub Pages catalog site.
We aim to acknowledge reports within a few days. Non-sensitive scaffolding problems can go through the normal issue tracker.