Security: up-for-grabs/up-for-grabs.net

.github/SECURITY.md

Security Policy

Scope

Up for Grabs is a static website that helps people discover open source projects looking for contributors. Security issues relevant to this project include:

  • Cross-site scripting (XSS) in the site's JavaScript
  • Content injection or data manipulation affecting the project listings
  • Vulnerabilities in the site's dependencies

Issues with the listed projects themselves should be reported directly to those projects, not here.

Reporting a Vulnerability

Please do not open a public GitHub issue for security vulnerabilities.

Report security vulnerabilities by using GitHub's private vulnerability reporting.

Please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Any suggested mitigations (optional)

We aim to respond to reports within 7 days and will keep you informed as we work toward a fix.

Supported Versions

Only the current production deployment of up-for-grabs.net is actively maintained.

There aren’t any published security advisories